
bt.scour is redirecting me



Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Please download DDS from one of the following links and save it to your desktop.


  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
    Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

aswMBRscan-1.png


----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe. :)


The DDS log is below. When I try to click on aswMBR from my desktop, it doesn't actually open.

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.17115 BrowserJavaVersion: 1.6.0_26

Run by Steve at 9:41:26 on 2012-11-08

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1901 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\Explorer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\ComicRack\ComicRack.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{95874F3A-0BE7-4B54-A226-1185D7716EB4} : DHCPNameServer = 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 346144]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-12-4 29288]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-12-4 29288]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-12-4 29288]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-12-4 29288]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-12-4 29288]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

SUnknown gnqmcoet;gnqmcoet; [x]

.

=============== Created Last 30 ================

.

2012-11-08 02:36:50 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37983D34-5279-43D0-8463-ED8790E8932F}\mpengine.dll

2012-11-07 15:00:58 -------- d-----w- C:\Users\Steve\AppData\Roaming\cYo

2012-11-07 15:00:58 -------- d-----w- C:\Users\Steve\AppData\Local\cYo

2012-11-07 02:32:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-07 02:31:36 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll

2012-11-07 02:30:56 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-06 14:20:19 -------- d-----w- C:\Users\Steve\Adobe Creative Suite 2

2012-11-06 14:20:08 -------- d-----w- C:\Users\Steve\Adobe Stock Photos

2012-11-06 14:18:25 -------- d-----w- C:\Users\Steve\Adobe Photoshop CS2

2012-11-06 14:18:10 -------- d-----w- C:\Users\Steve\Adobe Help Center

2012-11-06 14:17:19 -------- d-----w- C:\Users\Steve\Adobe Bridge

2012-11-06 01:41:09 98816 ----a-w- C:\Windows\sed.exe

2012-11-06 01:41:09 256000 ----a-w- C:\Windows\PEV.exe

2012-11-06 01:41:09 208896 ----a-w- C:\Windows\MBR.exe

2012-11-06 01:40:03 -------- d-----w- C:\ComboFix

2012-11-05 04:47:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-11-05 04:47:22 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-11-05 04:46:53 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-11-05 02:30:56 -------- d-----w- C:\_OTL

2012-11-04 20:18:53 -------- d-----w- C:\Users\Steve\AppData\Local\Macromedia

2012-11-04 19:48:55 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes

2012-11-04 19:48:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-04 19:48:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-04 16:23:15 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-11-04 15:56:44 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-11-04 15:49:33 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-02 06:51:20 9291768 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll

2012-10-31 06:55:23 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-31 06:55:21 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-10-31 06:55:21 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-10-18 00:52:20 -------- d-----w- C:\Users\Steve\AppData\Local\{296CED92-D45F-477A-BC04-A0B8711F26C2}

2012-10-10 02:10:59 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 02:10:58 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 02:10:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 02:10:58 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 02:10:58 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 02:10:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-11-06 06:02:06 328704 ----a-w- C:\Windows\System32\services.exe

2012-11-04 17:23:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec

2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-15 07:24:18 0 ----a-w- C:\Windows\SysWow64\sho4B32.tmp

2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

.

============= FINISH: 9:46:27.89 ===============

attach.txt

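The SERVICES / DRIVERS and "Created Last 30" sections of the DDS log above (the ComboFix log posted later in the thread prints its service lines in the same format) can be triaged mechanically before a helper reads them by hand. The script below is an added example written for this page; it is not part of the original post and not code from the DDS or ComboFix tools. It parses those two line formats and flags the entries a helper would look at first: services with an unknown start type or whose image file the tool could not locate (the `[x]` marker printed where the date and size would otherwise be), and newly created hidden+system objects under System32 or with a literal environment-variable token in their name. The sample lines are copied from the logs posted in this thread; the regular expressions are my reading of that format, and the "random-looking name" check is a heuristic, not a verdict on any entry.

```python
import re

# Service/driver lines as printed by DDS and ComboFix, e.g.
#   R0 MpFilter;Microsoft Malware Protection Driver;C:\...\MpFilter.sys [2012-8-30 228768]
#   SUnknown gnqmcoet;gnqmcoet; [x]
# Fields: state+start type, service name, display name, image path, [date size] or [x].
# (Pattern derived from the log format shown in this thread, not from the tools' sources.)
SERVICE_RE = re.compile(
    r"^(?P<state>R\d|S\d|SUnknown)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# "Created Last 30" lines, e.g.
#   2012-11-04 15:56:44 -------- d-sh--w- C:\Windows\System32\%APPDATA%
# The attribute string carries d(irectory), s(ystem), h(idden), a(rchive), r(ead-only), w(ritable).
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[d-][-a-z]{7})\s+(?P<path>.+?)\s*$"
)


def triage_service(m):
    """Return the reasons a service/driver line deserves a second look (empty list if none)."""
    reasons = []
    if m["state"] == "SUnknown":
        reasons.append("unknown start type")
    if m["meta"].strip() == "x":
        reasons.append("image file not found by the tool ([x] instead of date/size)")
    if not m["path"].strip():
        reasons.append("empty image path")
    # Heuristic only: an all-lowercase name that is also used verbatim as the display name.
    if re.fullmatch(r"[a-z]{7,}", m["name"]) and m["display"] == m["name"]:
        reasons.append("random-looking lowercase name reused as display name (heuristic)")
    return reasons


def triage_file(m):
    """Return the reasons a newly created file/dir line deserves a second look."""
    reasons = []
    attrs, path = m["attrs"], m["path"]
    hidden_system = "h" in attrs and "s" in attrs
    if hidden_system and path.lower().startswith(r"c:\windows\system32"):
        reasons.append("hidden+system object created under System32")
    if re.search(r"%[A-Za-z_]+%", path):
        reasons.append("literal environment-variable token used as a path name")
    return reasons


def triage_log(text):
    """Scan raw DDS/ComboFix log text; return [(line, [reason, ...]), ...] for flagged lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = triage_service(m)
        else:
            m = FILE_RE.match(line)
            reasons = triage_file(m) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
SUnknown gnqmcoet;gnqmcoet; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
=============== Created Last 30 ================
2012-11-07 02:32:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-04 15:56:44 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-11-04 19:48:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the sample, the script flags four lines: the pathless `gnqmcoet` service on all four counts, `EagleX64` and `NOBU` for the `[x]` marker, and the `%APPDATA%` directory for both file checks. Two of those need a human: the `NOBU` line carries a trailing `SERVICE` argument after the executable, so the tool looked for a file that does not exist under that literal string, which is a false positive pattern worth knowing. Note also that `$RECYCLE.BIN` is hidden+system but sits at the drive root, so it is correctly left alone; the System32 scope is what keeps the check quiet on a normal machine.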

Here it is:

ComboFix 12-11-05.03 - Steve 11/05/2012 20:50:07.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1488 [GMT -5:00]

Running from: c:\users\Steve\Downloads\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\Adobe\Photoshop.exe

c:\program files (x86)\Adobe\SHFOLDER.dll

c:\programdata\TgaFFPAGkWj3tw

c:\users\Steve\AppData\Roaming\Daon

c:\users\Steve\AppData\Roaming\Daon\hyki.rux

c:\users\Steve\AppData\Roaming\inst.exe

c:\users\Steve\AppData\Roaming\vso_ts_preview.xml

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-06 02:31 . 2012-11-06 02:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-06 02:31 . 2012-11-06 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-06 01:13 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6277D9CC-2F7B-4EF1-AA71-7AE41727F73F}\mpengine.dll

2012-11-06 01:05 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client

2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL

2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed

2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll

2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-10-10 02:10 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 02:10 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 02:10 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 02:10 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 02:10 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 02:10 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll

2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll

2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec

2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec

2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-15 07:24 . 2012-08-15 07:24 0 ----a-w- c:\windows\SysWow64\sho4B32.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-12-15 917648]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]

.

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]

.

2012-11-06 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\v51hvgy6.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

AddRemove-1718044736.www1.movie-promo.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]

"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,

ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe

.

**************************************************************************

.

Completion time: 2012-11-05 23:50:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-06 04:50

.

Pre-Run: 75,107,622,912 bytes free

Post-Run: 74,642,358,272 bytes free

.

- - End Of File - - 2D6E2E44AC9E0136381740FCE189EA72


Thanks....just as a note though....you shouldn't run ComboFix without the guidance of a trained helper. Even with the best intentions, ComboFix is a very powerful tool to remove malware and if used incorrectly could turn your computer into a very nice doorstep. :o

-----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Yeah....I found out how powerful ComboFix is when I was looking for fixes for this thing and it deleted a bunch of programs from my computer. :)

I tried TDSSKiller and it won't open either. It just gives me the 'loading' circle for a second, then it doesn't actually do anything.

(Thank you for your help, by the way! I've been tearing my hair out trying to fix this.)


In the run box type the following

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible

Take a screenshot and post it here

Are you able to burn a CD on another computer?

-------------


  • Place TDSSKiller.exe in Malwarebytes Chameleon folder.
    C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
  • Install the Chameleon driver by doing the following: press the Windows key + R and, in the Run box, copy and paste the following command from the box below, then press Enter.
    "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o


  • A black DOS prompt will appear with a prompt to press any key to continue, please do.
  • Execute TDSSKiller.exe by double-clicking on it
  • Press Start Scan
  • If malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue, then click Reboot now
  • Once complete, a log will be produced at the root of the drive, which is typically C:\ (for example, C:\TDSSKiller.version_date_time_log.txt)
  • Please attach that log in your reply.


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    c:\windows\SysWow64\sho4B32.tmp

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    (screenshot: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)


OK....here's the new log. My computer seems to be running slower now than before. explorer.exe is now using 270,000 K of memory. It was using around 40 K (if I remember correctly), then around 110 when I first got the virus. I'm going to try re-starting it, but I wanted to post the log first.

ComboFix 12-11-12.02 - Steve 11/12/2012 9:43.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1745 [GMT -5:00]

Running from: c:\users\Steve\Downloads\ComboFix.exe

Command switches used :: c:\users\Steve\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\sho4B32.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\sho4B32.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))

.

.

2012-11-12 15:21 . 2012-11-12 15:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-12 15:21 . 2012-11-12 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-11 22:59 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58000267-8DCB-4E6D-9198-1C4C860343F8}\mpengine.dll

2012-11-10 22:51 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-10 22:41 . 2012-11-10 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Roaming\cYo

2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Local\cYo

2012-11-07 02:31 . 2012-11-07 02:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll

2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Creative Suite 2

2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Stock Photos

2012-11-06 14:18 . 2012-11-06 14:19 -------- d-----w- c:\users\Steve\Adobe Photoshop CS2

2012-11-06 14:18 . 2012-11-06 14:18 -------- d-----w- c:\users\Steve\Adobe Help Center

2012-11-06 14:17 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Bridge

2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client

2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL

2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes

2012-11-04 19:48 . 2012-11-10 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed

2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll

2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:18 . 2012-10-10 02:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:18 . 2012-10-10 02:11 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll

2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll

2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-24 17:10 . 2012-10-10 02:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec

2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec

2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-18 15:43 . 2012-10-10 02:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-18 15:43 . 2012-10-10 02:11 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-18 15:43 . 2012-10-10 02:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-18 15:42 . 2012-10-10 02:11 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-18 15:40 . 2012-10-10 02:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-18 15:37 . 2012-10-10 02:11 425984 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-18 15:37 . 2012-10-10 02:11 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-18 15:34 . 2012-10-10 02:11 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-18 15:22 . 2012-10-10 02:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-18 11:22 . 2012-10-10 02:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-18 11:19 . 2012-10-10 02:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-18 11:17 . 2012-10-10 02:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-18 11:17 . 2012-10-10 02:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-18 11:09 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]

.

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]

.

2012-11-12 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe

AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]

"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,

ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-12 10:41:35

ComboFix-quarantined-files.txt 2012-11-12 15:41

ComboFix2.txt 2012-11-06 04:50

.

Pre-Run: 75,450,884,096 bytes free

Post-Run: 75,355,418,624 bytes free

.

- - End Of File - - 2A64CD3DA178CE097BAB1F60BA3BB675


Let's get a different look...

FRST

Download the 64-bit version of FRST for your system and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------


Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click Combofix.exe, choose Run as Administrator, and follow the prompts on your display. When finished, it will create C:\Combofix.txt. Please post this log for further review.

---------


Here it is after running the newest version.

ComboFix 12-11-12.03 - Steve 11/12/2012 22:06:27.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1909 [GMT -5:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))

.

.

2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-13 03:02 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC18FB47-BA93-4257-BEB6-94683C0E55C4}\mpengine.dll

2012-11-11 22:59 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-10 22:41 . 2012-11-10 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Roaming\cYo

2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Local\cYo

2012-11-07 02:31 . 2012-11-07 02:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll

2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Creative Suite 2

2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Stock Photos

2012-11-06 14:18 . 2012-11-06 14:19 -------- d-----w- c:\users\Steve\Adobe Photoshop CS2

2012-11-06 14:18 . 2012-11-06 14:18 -------- d-----w- c:\users\Steve\Adobe Help Center

2012-11-06 14:17 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Bridge

2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client

2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL

2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes

2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes

2012-11-04 19:48 . 2012-11-10 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed

2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll

2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:18 . 2012-10-10 02:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:18 . 2012-10-10 02:11 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll

2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll

2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-24 17:10 . 2012-10-10 02:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec

2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec

2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-18 15:43 . 2012-10-10 02:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-18 15:43 . 2012-10-10 02:11 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-18 15:43 . 2012-10-10 02:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-18 15:42 . 2012-10-10 02:11 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-18 15:40 . 2012-10-10 02:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-18 15:37 . 2012-10-10 02:11 425984 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-18 15:37 . 2012-10-10 02:11 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-18 15:34 . 2012-10-10 02:11 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-18 15:22 . 2012-10-10 02:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-18 11:22 . 2012-10-10 02:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-18 11:19 . 2012-10-10 02:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-18 11:17 . 2012-10-10 02:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-18 11:17 . 2012-10-10 02:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-18 11:09 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]

.

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]

.

2012-11-13 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]

"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,

ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-12 23:02:00

ComboFix-quarantined-files.txt 2012-11-13 04:01

ComboFix2.txt 2012-11-12 15:41

ComboFix3.txt 2012-11-06 04:50

.

Pre-Run: 75,231,473,664 bytes free

Post-Run: 74,723,389,440 bytes free

.

- - End Of File - - 2140B51E62AC8AC7D486565F5A0C73AE


Hi,

Great job getting all of these logs. :)

OTL

  • Download OTL to your desktop.
  • Right-click the icon and choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:
    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

----------


:) here's the OTL one:

OTL logfile created on: 11/13/2012 9:31:23 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.29% Memory free

6.00 Gb Paging File | 4.13 Gb Available in Paging File | 68.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.38 Gb Total Space | 69.18 Gb Free Space | 15.26% Space Free | Partition Type: NTFS

Drive D: | 12.26 Gb Total Space | 1.49 Gb Free Space | 12.14% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Steve | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)

SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)

DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)

DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)

DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)

DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)

DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}

IE:64bit: - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE:64bit: - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}

IE - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]

[2011/01/17 23:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions

[2012/11/06 20:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\extensions

[2012/09/22 01:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/31 01:55:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/10/31 01:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/31 01:55:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/12 10:22:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)

O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95874F3A-0BE7-4B54-A226-1185D7716EB4}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 23:02:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/12 22:00:05 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/11/12 21:52:43 | 005,000,679 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe

[2012/11/10 17:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/10 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/10 17:39:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe

[2012/11/10 17:38:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe

[2012/11/09 22:10:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - straight outta boone county (bloodshot records)

[2012/11/09 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disk 2)

[2012/11/09 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - 13 hillbilly giants

[2012/11/09 11:41:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disc 1)

[2012/11/09 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - couples in trouble

[2012/11/09 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - country isn't pretty

[2012/11/09 11:09:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - bloodied but unbowed -- the soundtrack (bloodshot records, 2006)

[2012/11/09 11:01:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\down by the old mainstream

[2012/11/09 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks-south mouth-1997

[2012/11/09 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin_ 11 years of bloodshot records (disc 2)

[2012/11/09 10:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin -11 years of bloodshot records (disc 1)

[2012/11/09 10:30:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\v.a. - bloodshot records - the bottle let me down

[2012/11/09 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - insurgent country vol 1. for a life of sin

[2012/11/09 10:29:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va ~ bloodshot records

[2012/11/09 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va- down to the promised land- five years of bloodshot records_(2000)

[2012/11/09 10:28:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - happy (plays music of michael jackson) 2010

[2012/11/09 10:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - revenge

[2012/11/09 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - the very best of 1999

[2012/11/09 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 1998 - let's kill saturday night

[2012/11/08 09:31:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe

[2012/11/08 09:29:26 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr

[2012/11/07 10:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\cYo

[2012/11/07 10:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\cYo

[2012/11/06 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Old Firefox Data

[2012/11/06 10:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack

[2012/11/06 09:52:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ryan miller - [2012] safety not guaranteed

[2012/11/06 09:49:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ray lamontagne - [2010] god willin' & the creek don't rise

[2012/11/06 09:49:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\one lonesome saddle

[2012/11/06 09:48:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\gossip in the grain

[2012/11/06 09:48:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\till the sun turns black

[2012/11/06 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Creative Suite 2

[2012/11/06 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Stock Photos

[2012/11/06 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Photoshop CS2

[2012/11/06 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Help Center

[2012/11/06 09:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2012/11/06 09:17:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Bridge

[2012/11/05 20:41:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/05 20:41:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/05 20:41:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/05 20:36:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/05 20:34:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/04 23:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/11/04 23:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/11/04 21:30:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/04 18:45:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe

[2012/11/04 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia

[2012/11/04 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes

[2012/11/04 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/04 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/04 14:18:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com

[2012/11/04 10:56:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012/11/04 10:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/10/25 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\titus andronicus [us 2012] local business

[2012/10/25 22:32:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tenacious d - rize of the fenix (2012) (usa comedy rock acoustic rock hard rock) released - may 2012

[2012/10/25 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\doug stanhope - before turning the gun on himself... [2012]

[2012/10/25 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the prophet

[2012/10/25 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\louis ck beacon theatre

[2012/10/25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\failed states [deluxe] 320

[2012/10/24 03:08:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\marty robbins - adios amigo (1977)

[2012/10/24 03:06:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\dance with them that brung me

[2012/10/24 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle - dancin' with them that brung me

[2012/10/24 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 1

[2012/10/24 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1987 - at my window

[2012/10/24 01:02:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\simple gearle

[2012/10/24 00:57:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - country drinking songs

[2012/10/24 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 2

[2012/10/24 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\texas rain(with willie nelson, emmylou harris, doug sahm&freddy fender)(2001)

[2012/10/24 00:43:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1997 - rear view mirror (live)

[2012/10/24 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\in the beginning

[2012/10/24 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\various artists - 2012 - scott kelly, steve von till, wino - songs of townes van zandt

[2012/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt, guy clark & robert earl keen - 8-29-90

[2012/10/24 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\1991-& guy clark robert earl keen - 1991-09-15 strawberry festival camp mather ca

[2012/10/24 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle and mark stuart - dedication 2012

[2012/10/22 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\New Cd

[2012/10/17 19:52:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{296CED92-D45F-477A-BC04-A0B8711F26C2}

[2012/10/16 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 3

[2012/10/16 08:59:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 1

[2012/10/16 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\country love songs

[2012/10/15 23:15:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\journey to the end of the night

[2012/10/15 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the mekons - fear and whiskey

[2012/10/15 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 2

[2012/10/15 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\georgia hard

[2012/10/15 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ace cd 893 - swingbillies - hillbilly and western swing

[2012/10/15 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\david allan coe - the mysterious rhinestone cowboy & once upon a rhyme

[2012/10/15 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (2 of 2)

[2012/10/15 22:23:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\merle travis-folk songs of the hills

[2012/10/15 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\guitar rags and a too fast past volume 3

[2012/10/15 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mojo hand

[2012/10/15 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\lightnin' hopkins - mojo hand · the lightnin' hopkins anthology (1993 anthology)

[2012/10/15 22:07:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (1 of 2)

[2012/10/15 00:46:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\[1984] forever young

[2012/04/14 18:08:40 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\

[2012/11/13 09:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/13 09:01:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2012/11/13 00:48:07 | 000,794,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/13 00:48:07 | 000,669,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/13 00:48:07 | 000,125,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/12 21:52:58 | 005,000,679 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe

[2012/11/12 21:50:04 | 000,001,944 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk

[2012/11/12 21:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/12 21:49:34 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/12 10:22:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/10 17:39:29 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe

[2012/11/09 10:07:26 | 000,413,248 | ---- | M] () -- C:\Users\Steve\Desktop\screenshot.jpg

[2012/11/08 19:28:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe

[2012/11/08 09:31:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe

[2012/11/08 09:29:40 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr

[2012/11/06 21:25:27 | 000,614,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/06 20:00:46 | 000,002,046 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/11/06 10:09:41 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2012/11/06 09:36:45 | 011,445,902 | ---- | M] () -- C:\Users\Steve\Desktop\Caesar2012.pdf

[2012/11/06 09:33:11 | 011,862,300 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery.pdf

[2012/11/06 09:17:51 | 000,001,293 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

[2012/11/05 00:08:42 | 000,007,609 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg

[2012/11/04 23:48:24 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/11/04 23:31:13 | 000,134,765 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery 1.jpg

[2012/11/04 22:37:28 | 000,023,208 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk

[2012/11/04 22:37:11 | 002,150,298 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3

[2012/11/04 18:45:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe

[2012/11/04 15:08:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com

[2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3twr

[2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3tw

[2012/11/04 11:00:50 | 000,000,679 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk

[2012/11/04 11:00:50 | 000,000,655 | ---- | M] () -- C:\Users\Steve\Desktop\File_Restore.lnk

[2012/11/04 10:48:39 | 000,032,325 | ---- | M] () -- C:\Users\Steve\Desktop\the-gingerbread-house.zip

[2012/10/30 01:01:39 | 000,122,560 | ---- | M] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg

[2012/10/30 00:35:07 | 000,122,461 | ---- | M] () -- C:\Users\Steve\Desktop\LastInLine2.jpg

[2012/10/30 00:27:34 | 000,226,624 | ---- | M] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg

[2012/10/30 00:23:46 | 000,236,996 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg

[2012/10/30 00:23:17 | 003,233,763 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd

[2012/10/24 08:21:32 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job

[2012/10/17 20:07:25 | 160,954,751 | ---- | M] () -- C:\Users\Steve\Desktop\Talkin Debate Blues.wmv

[2012/10/17 19:59:09 | 000,006,656 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/15 23:09:48 | 002,514,944 | ---- | M] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3

[2012/10/14 22:33:08 | 009,708,254 | ---- | M] () -- C:\Users\Steve\The Fire.mp3

[2012/10/14 22:33:02 | 007,676,972 | ---- | M] () -- C:\Users\Steve\Settle Down Blues.mp3

[2012/10/14 22:32:58 | 007,993,576 | ---- | M] () -- C:\Users\Steve\Love Song.mp3

[2012/10/14 22:32:52 | 015,058,132 | ---- | M] () -- C:\Users\Steve\John Brown.mp3

[2012/10/14 22:32:44 | 010,346,687 | ---- | M] () -- C:\Users\Steve\I'm A Killer.mp3

[2012/10/14 22:32:38 | 009,238,050 | ---- | M] () -- C:\Users\Steve\Gas City.mp3

[2012/10/14 22:32:34 | 011,772,972 | ---- | M] () -- C:\Users\Steve\Death.mp3

[2012/10/14 22:32:26 | 009,847,225 | ---- | M] () -- C:\Users\Steve\Ashes.mp3

[2012/10/14 22:32:20 | 008,593,348 | ---- | M] () -- C:\Users\Steve\American Radio.mp3

[2012/10/14 22:32:16 | 009,975,748 | ---- | M] () -- C:\Users\Steve\West.mp3

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\

[2012/11/09 10:07:25 | 000,413,248 | ---- | C] () -- C:\Users\Steve\Desktop\screenshot.jpg

[2012/11/06 10:09:41 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2012/11/06 09:36:40 | 011,445,902 | ---- | C] () -- C:\Users\Steve\Desktop\Caesar2012.pdf

[2012/11/06 09:33:09 | 011,862,300 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery.pdf

[2012/11/06 09:19:04 | 000,002,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk

[2012/11/06 09:19:04 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk

[2012/11/06 09:18:12 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk

[2012/11/06 09:17:51 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

[2012/11/06 09:17:31 | 000,001,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk

[2012/11/05 20:41:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/05 20:41:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/05 20:41:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/05 20:41:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/05 20:41:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/04 23:48:24 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/11/04 23:48:09 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/11/04 23:31:11 | 000,134,765 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery 1.jpg

[2012/11/04 22:37:11 | 000,023,208 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk

[2012/11/04 22:37:10 | 002,150,298 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3

[2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- C:\ProgramData\-TgaFFPAGkWj3twr

[2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- C:\ProgramData\-TgaFFPAGkWj3tw

[2012/11/04 11:00:50 | 000,000,679 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk

[2012/11/04 11:00:50 | 000,000,655 | ---- | C] () -- C:\Users\Steve\Desktop\File_Restore.lnk

[2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/04 10:48:34 | 000,032,325 | ---- | C] () -- C:\Users\Steve\Desktop\the-gingerbread-house.zip

[2012/10/30 01:01:38 | 000,122,560 | ---- | C] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg

[2012/10/30 00:33:06 | 000,122,461 | ---- | C] () -- C:\Users\Steve\Desktop\LastInLine2.jpg

[2012/10/30 00:27:33 | 000,226,624 | ---- | C] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg

[2012/10/30 00:23:45 | 000,236,996 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg

[2012/10/30 00:23:15 | 003,233,763 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd

[2012/10/23 22:22:10 | 000,007,609 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg

[2012/10/18 18:20:05 | 009,847,225 | ---- | C] () -- C:\Users\Steve\Ashes.mp3

[2012/10/18 18:20:05 | 008,593,348 | ---- | C] () -- C:\Users\Steve\American Radio.mp3

[2012/10/18 18:20:04 | 009,975,748 | ---- | C] () -- C:\Users\Steve\West.mp3

[2012/10/18 18:20:03 | 009,708,254 | ---- | C] () -- C:\Users\Steve\The Fire.mp3

[2012/10/18 18:20:03 | 007,676,972 | ---- | C] () -- C:\Users\Steve\Settle Down Blues.mp3

[2012/10/18 18:20:02 | 015,058,132 | ---- | C] () -- C:\Users\Steve\John Brown.mp3

[2012/10/18 18:20:02 | 007,993,576 | ---- | C] () -- C:\Users\Steve\Love Song.mp3

[2012/10/18 18:20:01 | 010,346,687 | ---- | C] () -- C:\Users\Steve\I'm A Killer.mp3

[2012/10/18 18:20:00 | 011,772,972 | ---- | C] () -- C:\Users\Steve\Death.mp3

[2012/10/18 18:20:00 | 009,238,050 | ---- | C] () -- C:\Users\Steve\Gas City.mp3

[2012/10/17 20:04:31 | 160,954,751 | ---- | C] () -- C:\Users\Steve\Desktop\Talkin Debate Blues.wmv

[2012/10/15 23:08:45 | 002,514,944 | ---- | C] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3

[2012/06/30 15:20:11 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat

[2012/04/14 18:08:40 | 000,007,859 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat

[2012/04/14 18:08:40 | 000,001,167 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf

[2012/02/24 20:38:02 | 000,105,866 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\icarus-dxdiag.xml

[2012/02/14 21:24:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/12/23 01:22:05 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/12/04 22:01:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll

[2011/12/01 00:58:38 | 000,006,656 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/04/13 07:26:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/04/13 07:07:36 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe

[2011/04/13 07:07:36 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe

[2011/04/13 07:07:36 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\Faac.exe

[2011/03/19 19:16:38 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011/02/15 08:13:53 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2011/02/15 08:13:53 | 000,017,772 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/02/03 02:08:23 | 000,000,543 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\AutoGK.ini

[2011/02/03 02:00:30 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2011/01/22 10:49:07 | 000,787,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/01 11:12:49 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe

[2010/12/27 23:16:47 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/12/27 23:16:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/12/27 23:16:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/12/08 22:53:47 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/12/08 22:53:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/12/08 22:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/12/08 22:53:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/12/08 22:53:47 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2011/11/17 02:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@

[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L

[2012/11/06 21:21:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/04 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Amazon

[2011/03/26 09:13:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Atlus

[2011/07/06 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AtomZombieData

[2011/07/28 21:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity

[2011/12/26 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Beat Hazard

[2012/11/12 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BitTorrent

[2010/12/28 02:02:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Broken Rules

[2011/02/02 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\calibre

[2012/09/30 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ChaosPro 4.0

[2011/06/06 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Crayon Physics Deluxe

[2012/11/07 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cYo

[2012/03/28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Digiarty

[2012/05/08 20:19:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Fopeu

[2011/04/13 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeAudioPack

[2011/11/21 09:35:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake

[2012/01/05 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ImgBurn

[2012/05/10 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NationRed

[2010/12/25 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PictureMover

[2012/07/30 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Polynomial

[2011/02/26 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers

[2011/01/31 08:22:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SanDisk

[2012/09/21 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SoftGrid Client

[2011/07/31 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony

[2011/07/08 23:30:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\System

[2011/08/23 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab

[2011/01/28 08:41:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TP

[2012/06/24 17:32:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ubisoft

[2012/11/05 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Udlyny

[2012/04/14 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso

[2010/12/26 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent

[2010/12/26 10:13:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinBatch

[2011/09/10 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

[2011/07/09 09:55:46 | 000,000,000 | -HSD | M] -- C:\Users\Steve\AppData\Roaming\wyUpdate AU

[2011/07/04 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ZombieDriver

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< >

[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009/07/14 00:08:49 | 000,032,626 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/02/14 21:37:04 | 000,000,256 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job

[2012/03/18 11:23:09 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSteve.job

[2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A1063995

< End of report >

Hi,

Don't worry about that... I was afraid I would find this...

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

----------

Download RogueKiller (by tigzy) and save direct to your Desktop.

On the web page click on this: RogueKillericon.png

  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects. Not everything is bad!

==========
