Jump to content

System freezes or programs and IE lock up.

ChristyA

By ChristyA
in Resolved Malware Removal Logs

 Share

Recommended Posts

ChristyA

ChristyA

Posted
Posted

Hey all! I hope you can help me find a solution to problems. My system will freeze up on me and my internet will lock up. I get error messages saying that IE found a problem and needs to restart. There is nothing MAJOR that I've noticed but it's all very irritating which makes me wonder if there are bigger problems that I'm seeing.

thanks in advance for any help!

Christy

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:47:35 PM, on 1/4/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe

C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe

C:\Program Files (x86)\Propel Accelerator\PropelAC.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe

C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\ShoppingBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\PROPEL~1\pnibrex.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files (x86)\Propel Accelerator\PropelAC.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-page.html

O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-image.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: http://www.nbc.com

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 16961 bytes

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Hello and Welcome to the forum.

Looks like you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1.Click Start > Settings > Control Panel.

2.Next, open Add/Remove Programs and remove either:

AntiVir

Avast5

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

Thanks Tate for your help! Sorry it took so long to reply but I had a hell of a time getting rid of one of the AV programs. Anyway, it's done and I haven't been on "playing" much since so I'm not sure about a difference or not yet. I know that's not a whole lot of help but I'll know more after I'm on it a little longer...prob in the am.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:04:40 PM, on 1/4/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe

C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe

C:\Program Files (x86)\Propel Accelerator\PropelAC.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe

C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\ShoppingBHO.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\PROPEL~1\pnibrex.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files (x86)\Propel Accelerator\PropelAC.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe"

O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-page.html

O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-image.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: http://www.nbc.com

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 16436 bytes

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

Thanks for re-opening. I got side tracked. Anyway, I completed everything in the previous post and here is the MBAM log:

First though, my computer is still freezing while on the internet so I'm still not sure what it is. I have Satellite Internet (unfortunately) so it's obviosly "glitchy" ( aka:a PITA) but this seems to be more that that. It's happening more frequently so that I'm almost always having to restart close out my browser via Task Manager. Hopefully something in the log will shed some light on the problem.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5537

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/17/2011 1:13:32 AM

mbam-log-2011-01-17 (01-13-32).txt

Scan type: Quick scan

Objects scanned: 152353

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:

c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\program files (x86)\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Users\Antes\Desktop\click to find and fix errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

I don't know if there is any difference with my computer. I've been able to run these scans and post in here though without interruption so far.

ComboFix log:

ComboFix 11-01-17.03 - Antes 01/17/2011 21:42:24.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2262 [GMT -5:00]

Running from: c:\users\Antes\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\users\Antes\AppData\Local\Temp\7C42.tmp

.

((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))

.

2011-01-17 05:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-17 05:40 . 2011-01-17 06:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-15 19:49 . 2011-01-15 19:49 -------- d-----w- c:\programdata\KingsIsle Entertainment

2011-01-13 12:46 . 2011-01-13 12:46 -------- d-----w- c:\programdata\ProcessLasso

2011-01-12 15:30 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 15:30 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-12 15:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-12 15:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-01-10 22:43 . 2011-01-10 22:43 -------- d-----w- c:\program files (x86)\WinUtilities

2011-01-10 22:43 . 2010-07-26 03:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2011-01-10 22:43 . 2010-07-26 03:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2011-01-10 22:43 . 2010-07-26 03:23 33968 ----a-w- c:\windows\SysWow64\anim.dll

2011-01-08 07:11 . 2011-01-08 07:11 -------- d-----w- c:\program files (x86)\Text2PDF v1.5

2011-01-08 05:17 . 2011-01-15 09:45 -------- d-----w- c:\users\Antes\Calibre Library

2011-01-08 05:16 . 2011-01-15 03:00 -------- d-----w- c:\program files (x86)\Calibre2

2011-01-06 03:14 . 2011-01-06 03:14 -------- d-----w- c:\programdata\Trend Micro

2011-01-06 02:47 . 2011-01-06 02:47 -------- d-----w- c:\users\Antes\AppData\Roaming\Avira

2011-01-05 10:26 . 2011-01-05 10:26 -------- d-----w- c:\programdata\kinoma

2011-01-05 03:11 . 2011-01-05 03:11 -------- d-----w- c:\program files\Perfect Uninstaller

2011-01-05 02:18 . 2011-01-08 06:05 -------- d-----w- c:\program files (x86)\Ask.com

2011-01-05 02:17 . 2011-01-05 02:18 -------- d-----w- c:\program files (x86)\Glary Utilities

2011-01-05 00:31 . 2011-01-05 00:31 -------- d-----w- c:\program files (x86)\Virtual Villagers 5 - New Believers

2011-01-04 23:45 . 2011-01-04 23:45 -------- d-----w- c:\program files (x86)\Ace File Shredder

2011-01-04 23:36 . 2011-01-05 03:45 -------- d-----w- c:\program files (x86)\Uninstall Plus v4.1

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\WinPcap

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2011-01-04 23:04 . 2011-01-04 23:04 388096 ----a-r- c:\users\Antes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- C:\Trend Micro

2011-01-04 20:53 . 2011-01-05 02:23 -------- d-----w- c:\users\Antes\AppData\Roaming\GlarySoft

2011-01-04 20:53 . 2011-01-04 20:54 -------- d-----w- c:\program files (x86)\Absolute Uninstaller

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\users\Antes\AppData\Roaming\URSoft

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\program files (x86)\Your Uninstaller! 2010

2011-01-04 04:00 . 2011-01-04 04:00 -------- d-----w- c:\users\Antes\AppData\Roaming\NwDocx

2011-01-04 04:00 . 2011-01-04 04:03 -------- d-----w- c:\users\Antes\AppData\Roaming\Docx2Rtf

2011-01-01 15:57 . 2011-01-01 15:57 -------- d-----w- c:\users\Antes\AppData\Roaming\Sleepwalker Games

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\StoneLoops!

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\Saqqarah

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\MagicMatch

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\JodieDrake

2010-12-28 18:40 . 2011-01-11 18:20 -------- d-----w- c:\users\Antes\AppData\Roaming\HP Support Assistant

2010-12-27 14:55 . 2010-12-27 15:06 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\programdata\3DVIA

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\program files (x86)\Virtools

2010-12-23 21:40 . 2005-09-01 20:13 245408 ----a-w- c:\windows\SysWow64\unicows.dll

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\programdata\Recordzilla

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\program files (x86)\Recordzilla

2010-12-23 21:40 . 2004-03-18 23:11 751616 ----a-w- c:\windows\SysWow64\VBOLock.ocx

2010-12-23 21:40 . 2003-12-22 13:20 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2010-12-23 21:40 . 2003-12-22 13:20 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2010-12-23 19:00 . 2010-12-23 19:09 142424 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2010-12-19 22:45 . 2010-12-19 22:45 -------- d-----w- c:\program files (x86)\Audio Editing Tools

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-31 18:58 . 2010-12-02 01:56 23104 ----a-w- c:\windows\SysWow64\svcprmpt.dll

2010-12-31 18:58 . 2010-12-02 01:56 30976 ----a-w- c:\windows\rascntrl.dll

2010-12-20 23:08 . 2010-09-21 03:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 16:13 . 2010-12-15 22:46 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax

2010-12-13 13:40 . 2010-07-09 05:56 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 13:40 . 2010-07-09 05:56 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-09 11:23 . 2010-07-23 04:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2010-12-09 11:23 . 2010-07-23 04:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2010-11-30 21:48 . 2010-07-21 23:22 16384 ----a-w- c:\windows\SysWow64\msdrve.dll

2010-11-04 06:35 . 2010-12-15 05:28 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 05:28 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 05:28 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 05:28 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 05:28 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 05:28 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 05:28 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 05:28 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 05:28 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 05:28 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 05:28 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 05:28 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 05:28 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 05:28 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 05:28 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 05:28 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 18:28 . 2010-12-12 13:39 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe

2010-10-27 05:06 . 2010-12-15 05:28 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 05:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2010-10-20 05:20 . 2010-12-15 05:28 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 04:54 . 2010-12-15 05:28 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2010-10-20 03:09 . 2010-12-15 05:28 3124224 ----a-w- c:\windows\system32\win32k.sys

2010-10-20 03:05 . 2010-12-15 05:28 367104 ----a-w- c:\windows\system32\atmfd.dll

2010-10-20 02:58 . 2010-12-15 05:28 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2010-06-28 01:44 . 2010-06-28 01:44 962560 ----a-w- c:\program files (x86)\ePubMaker.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]

2010-12-06 03:04 672768 ----a-w- c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-12-23 3274136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]

"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Propel Accelerator"="c:\program files (x86)\Propel Accelerator\PropelAC.exe" [2010-06-03 266375]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe" [2009-12-09 240480]

"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\iexplore.exe" [2010-12-20 963976]

c:\users\Antes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= 7a23df767d732154398173335d1012ab3314bad9742c1a03616d857a0f61eac5034f06fbfebdd871

1a34569516435e1aefc6ef56b06899e88a67329d2797cb943caae2a15eaed9f016d7a7ebd3377fce5

d6f6b8dd71d505652629682177b5b44dc4ebbdc30424f0d1954f3d0fb67cd4abbdc8afc2563eb3a8b

1181deafb2b43de3600a5a6f54a65a33fd0f388e4f34ba7e5eaca4082b422bdab5beb0ac2f75ab9ef

39b20c5273cbea98838b4476b97bc06ec1c58ed471d5b128691ac565d6b474f5226848620a29ce35e

2e69655ce66d164e3f163face040d8d8b4fc42013d9038482bbe0322e32d4aeefe07b6fa27e450d3e

bee6e02fd1df963184c28dae5928e421fcf57a6f585cfb4b0ea236e953b6c230d52e99e037b8c9d8e

84b984d0134a531d3cd6d66053331bbbff39296e90c9effad0930e7b86a3036d818136aa8967cb558

c9ac3fb2d3f7e0d696f7f947a8e7020fbd866014e3c65ba3b6e27b3d938192eb210a77c22f0b97100

627e1580da689c5849789922efbb6e0271140788c82b3dc8d8c709c3080fec2fc9ffbc154a1fb94d5

90fcca9cb640c701fb2860e5eea3e0945e77137a6431d2f0c6fc3fd9e036c1a4652ea9a124260a8da

5a0530231d24db43976740c635565811feda1b33452e88ea66395bd5bd32c0fe7a9117d59e6bf8251

8ff74462e8c9e941f664a21074915a702eda6c194db325a497e4665987dc1ce0d481fb1a7f1fecb7f

3eda2dabfc1c38629653c561c3e6c1a48d4a1948d9fb87c06a9af1e9f90c7ce37a8853c1fbeea385c

e5bea4beafa72c48f1d18e6298c52e2771c7157ec8423c5566d3b44bdc8b5768e64f4baf8c04fa297

1dcca750d82b1c7cf9f727614802f8595b141c1eba3157f3e9daf97953df5f26ec75bcf415881956c

0539b70d42d0587d3a67db7bad293e429e57ff2c300aa39d84b7133414425788c5656ed59ae513804

4ae77785fa53703194ac108c10cb39c1a1c871ce9cb3566a282bdf3e9f2ce4523729e1c6e25bf7c27

35833af01e713a89013462bee7eb415dcf8becd6e50c7bfb56af30c9a922e7f0d1071c360fd40d4ed

b55577b4ff4c475ff0e67c008ec20165c336a5b175a11f51acfd5031f3b4c92f00b58dcf97c61831a

b1ca041c6299a2eacb5801d3b30d21e96475a5f83b5b59f105c0fe67d942e7456c3b2f7e0e52d9b01

b60e0bb8b4e64dcf141517b6d7a70c0e677185607a5d910e39023a8aa2780bc52b6aceeba86c9a4d6

e8f0e9eb933d7634b1d78a556c94ae99c02c161d5aff26451f0521cde6ac17fecbadec780ef011d86

05886f1dd98260ebc7eacee6417d58c571c91eb41f87c84cd62acac242b8e65fddd9f230ca2ddbfe0

1e3ea80ad8846d0d21cbb1c336bb99e739aa0ce7a013ad61a388946f3c975c40994159c97e278c36d

be12afbae2bf9b5c0c57d00a5f8322d306cfbdc71a0022f4c6a76c94a9f6d8847bd384f8f42b776de

989e2e0b8e7a53ee7c3151b0876fda6e0c2e2ddc8aa8cfd52a286c13d305654bb52575eb74fd4ccff

063f1aaa85805d09298d87db073be7c08b53eff05fe93a2d8fe9cdf6eaf39efeab6952dd59c64b04e

b31e2f63051f1b56e64957b498b32abe768b70752d7eb23231e69471a4befce7f6cd57c970996b3c5

43de3b45b6e5421da4fca2514f656357a66881ca24a3ef62f6a2db245cb034d651ec6ab66e9f756b0

ccc183ca90967808c8e8756ac8cb596cfeebf8907ef477cd2e1b4a8363860d07e6801a030277e3688

1902e024ab4f28013f560ea68a04949f3b5e802dded05d3cffc2c395926dd85592ed179ee997508c9

08cf06bf78e8327a7137703269a98238e1b3807d3b27d56d14276b12b2d0a361f088bb9bcfd8e5150

6dfb1720d9602a5d028bf7534f57b7e270c638324150e1a3f17bf00363ac0704d43de7edbfcf7b8ff

de2187b31a2037263c704341deb1259fe91831ea7f28fac2a25016fd09f8e1d0e5465f4b41f074268

64592b53f4f8a71a31ccca1072e048a9a9713832424418c04f3d1267e32e7dacbbeda73c24a9d2de1

87e7ca6ab8846e46ba5b3c97c719a758f3692fafa43bebc26b0e72f4042cee23190c0bdd1646a8657

64efaa14f2383b62508b35d7086005be8b704cc7180ee0fddfba13f967f439552d4e64648dc57220e

6bc514a64fabb625c93af84396c12d3294e9509867a8b024d47f77ed30cea22b3400cc10be078dae8

11cd62fe0781c39d257924e066d7eb27fb1480c8354e5402a6e32332833e754a4df16b7eb1d104b84

0ac8dee6ff281fbcc91caf3add29a10f560fef643acb63c6a8f4429223143bbfc2bfaee9ce8313a22

51435ee9a9755c74b586c5a5218736301fed235051e5d3b8e9e7accd0e8eb11282d2a749e48388426

7efa315c0ab5b6c854415e171d793095d2f7db16b2e4167856e1d3c06277ac9b6547c70fc11d7e44f

48e4ecee8cf464d145e484df0ef164615bcec0b75ff4f9492d3a5dc11da5a5a8777181cb2d38b1ecf

d7343ad8f7747b18f92e25c5ff19edb09c1046577956dc0e608150698a371a9c901c3b5e530eb55f8

5b809966a61f76dc5a030e8642d6328354c7269694dda41e36bf8b234803845883fdd0fe344620d3a

b3e5fe356ec8908359fc0b28ed59de4e25bc47f1fb6bbc317c2fc13319948f85fb63f69505a2e4ae6

2f2832ea2c5871ffb89552d412379d9ef02960c666f240efde0acb2ada566cfe7d4e262e1162b6545

b952722cedfa1eeffd0816e5977afc012822cad5da6eb2ee242e22f6b3f6094e03aa17a75e5a0bf22

aa2cc453923e71e1668a7a421354e1fc539d85bc608afe3974ee2cdf31ebdd17efc652ea1d80950c3

5fd0c1aef654f20b5cb375e580d374c01fbf0db6abbfffe4e6b1a691d095b98f590db14ce6483f2f4

f01f9cbb8eb4d36ea714f5881bbdaf7c27e3acc8bdf4391e09671ff046d8995fa20c66fef1d61dd9a

33bc1b6f3d4959a6274318f640bd6a559caff37be88386fa565330c62ad196388fe1ea414ae585fe7

67d1477a14db35cd01eda370a03d092be643af4f77da507b053a54495170a1d49e04b37766d8efd64

d53342353bfb49a4df0024e96276b2802358a2d13e417ff709200a7921fbb91c10adad83fd6e0c4c3

b35391285adf12736739e9d6c3d063ea435bdf5f65b1e66d116cbc18cc4a35b22ed3caa1963cec621

c8c98cec7fd2c9d00a579284755197325c2036a62e25c6b779990054695a2000976c09d89331b1e90

b9d2f689a0d5fcaae553d6576967fdf7874dcd45a22ddb52164189c96f39d877d9df7d0bd8f7361a3

a695e6649a2bf5f4537a8ea11cb40622c331adce3d90ab0c55e3634588470cb0a4ac31f6a588e4baa

989e4a7bfa39793731969c5e4cd959cf3b804a8f864351c63e3f2c0a345449e06accdb80c73d2dd90

fb036d511026ede238be1a1cbfe8212bf90c1b0105d600aa2078282dfa00551acca9111cb9c1cf1e4

64c822f4907baab77485ab98643a382f27986708aa29a8a6f22b55c754ef8aeae87f360f3b8372be4

466124a9ab47a57e3c7b39a90a2bee0c71d2952a142dff796f8447a35debd822e197a1d4f1893ce8a

bddb8ec0f9d1f10815e6b5f3ebdf9b13567a75bee754810fda0af52e489fdbd19d1e1f034d80e724c

3cf22329a8c6446104ef162b8ad17696e5ec26f909f4a336bd6a38feaf475483fb92098971712e299

acbddfee0fb0ee45bfbeab9b5a5dc2b9104c05fe5679bd5edf213eabc839bf13120d68ea5627abaab

472d8390d9fec6a72c8aac5dc53ee8b1d1a3df516c8d5a0bd2b86b3dff4d8f9a135c172d1112e704e

7a91a6c9eccd82cd5b52bcfd69892f9ddd72e955518b7e312af5a1ebced2f56d10f12092efad212d8

112e44c2a4214be111731d2d50ae2627b54ec8c10ac5223d01d2e41a64ebc75b177a2dd69bfbcf725

b0bfb4e0e81cce3c11275cc71378a37e8791308f6fc22363254acedc92bf7fdca0b09906f288eac8d

2b538996b0a1d7f386215d5bc87c8d64b7452e02e0a1354eacb3209cd5b17dd0da748490d1cd138dc

16e91afe9cd234704a013ae68e7f1f57178f2cbb8b9150137926b7ab8e959d9c0b6e6594766ce5da9

0a0048c88cc882b6e0de1295aeabeeae32e98a9fb291ef4c7fe381e1fb41e92912f7768a95fc2366f

b7f62932e1655484b0e647865633e466d7906e25bdaee39e0dce8cc47b29d22bda9053c9d65035fee

558bad37b9edd157f7dbe7d30f9e47f0814ed986544c90365bf24d0a93245365ab7362a6a0125301d

da0a72c7d08a0fd72b1bb514226a72274ef9c75a5e0dff9f0dc7bed45191dd45d5bb7573aa663a133

9a2fe0b5a7dd3c6786f596162c17037d5ce549f98d1a9c301561bb0baef42a9c528c8c1bebdcda861

0a8ac64bc2358605e425f53eeb378b584570482707e403f5dfd6ffc94a20c0e807d51d9dcb26fb953

63682e74f0601dc538b03683f5a14f1a94613ef018c94b5184e828ede43090c70acb39d528ad15ff8

0e1c368c519c1beb45c9b7f0ebf030f6c7d9439891a793bb2eff40cfde6dbc51b7039dda95524328c

2c43e7f1ed0fed88c5a2261521fc8d020a4b0f84e6c9d9a666eff7de2c6d0c137abbc7012a18456e1

f0a4139554336ea6f60cec589b2ba13d1c5947fc160c8d50e289b154c84bd351fd6fa87fe898b2135

60c5c4574d3dd7be0a75a5f6aa8bf351751ed6b6cab1b72e9c176cdd3530b6836cfe72a2b7c7dcd57

f947eeb4e6b06094e132c6e3b4bc61accc5626deed07145125f7bdc404ffd142a8f86b1b6337a9b7c

e789ee93f4af5c54e7a90b292cf6ebfacf7d23b87c2a27fdd8e0d0ffe0270e2cd007bfd0bd48f46d8

b26b98765f0813512ec1b63c2eb72ffea274f10db1cfb288995f0f29ccbc538e515b300013069db54

7b00c5dacabdaf8111be9ea18ab8b513b7fa3960c690642c15f2814ef2df4509667fb595ea2d18220

e3b422a8586fe6ba467e6c5243730d30a598e8f9943ad68a4739d6d2da79657632e11dc0442042ef1

e9eead227b26195a715cbda8a970b0b6010e4efa99a5e7c50fd6ced756bcb136f6e2df0121e97822d

9708dd57aa5b7cecd36ed9526b84d43b811fe8d0c2a1d3fbb69d90ef9befde7dcb13962a85dd8e85f

06abcb85d569f5ccd2fda92b32a224ffb155bf74a8dfe2e8871beea9c966bcd76bd16b353c276863c

158a5ad06e80b644bdd6cf2fa860bf3c6c99c845223fbbfd85b4c4f2bb16d262d7ba4051a2d6b5d89

b7d49c03cd1e94f7f74fc62a13f46bc26370d9e1dbc7b98a504449eb0c8885e073dfbd18e464311ca

e8a16aa0fed4efb3602e3bdf011b39cfaedcdd6a82adc3f091e5358b2728962854de0184a8e42d8a3

b8194dcf09bd4b0fb2b55dda1ee2c353f5d3f168ee0aa3c253f62d9405918e8bf1861be72a413e293

d7f2dd1e94f18cd61b8e61994bd547f646f10d91f0c55f75f5dbe9ac0d9ebf0d7fcafd56e320aa7b2

d5ee33de76e35fdbede4ad34090c8dbe4b376cf4bf1a0dbc5eabdac17e250ca7cb60c29e9153bfffa

95ec61c7b9221cbf94864e4fb3067ef26f217c49b79e446e107f2585d9312395d4059996e2e322cc0

e3dba53cd4321fa845680544bbe4f0df19f767b4029b37582103b68433ca4a759c1029f032211519c

0d7013f65ca9395028004731a567b443a7f58f64659368fb7df96e8839d9d57f11597b5771c7cadeb

b88e0cf9052eda64c9bddb3cf52386e83cc460a9a01764d98f8009e1280caab60b521887e89522847

77ec6d7d09dfdaa87224d1b0cef2fcabab35ecf4c73c007d1bb2896619cf2bce33cf86e99ca416525

2e858a35c152f4350f88580196335def72329aec731bfe2852c72a31f0f07b6142cff230bccd1d6bd

9129156b8f5d312a505bb17e1ce0ac2b77ec7748ea72809507537a0ea78dbbc176b0e2dcb292bc0a2

f4469009f45ba5210f5de8cb64c3e7eebcba5d774b3a4f2f5067635fc086b9e269bc5985ad8c6b1ff

5830ef12fafdb676e04feb8cbbaa5a04496155f31b4e9e259cc687b44fcc58d95885f1033eecb126e

fc7965605daa594475a8ce873a486af3a2f7f99378dc0788917dd2e860b83f6361f1bec5cd8ab4c4e

094a200396d61c6e7ee9c60a1908d9b69d1eecc4e7294f4d793436c7bf8519d996175a6d0e4a29076

fdaa4567b0e4309f33274e45d4682c11303f8bbbe3fd0d2ddf6ab824e636a742516eb63433c387e2a

20ff0e0ff2435831c750c56ae2f4400432ece0cd1b9dc76e79044af8e3f051c02c6f016d3086994fc

d259af22f592bf451c4bbdd13c04ae88aa20ea09ef89d8674206897259e780d141b5d8380ae685b55

5b1a5d48d9dba02299efae5c03a7e3ed03d41660c4817b29bbe2c839e88797d059d50c93efb7b7de6

491bc5b8d7531a0d4dd9ac7452b0aad36b59ab147641fa80d52df111c8946f5650dda11c31d7137d0

b7a2f2fd5a7969e20f6f86d2aa9957b34e1fb40c2ff022609cb4f7bb3c02bf8a98d4dfafd93878d5d

3488ed101435b6a6a557d3c8b6a1d05761706b46b71908fa98818d58431ada2b8090c12fdb6cfa9dc

70e1f3c0c035675088b891fc448471d68f561ea4e942ae33b7a55aee8b5cdeaea6331fd4bba010dc9

5f6b2d6963d442ab9b6760036895d66ede7faaefa4b69cf8b005b09eee3c6c8ee6adbcb60e53985f9

0460c4639a68908fa0f3564c7d6045198441f937bf105703eb1db883c3cb493f82fcb1ed52a3caf5c

0eb78990aa9a808003cce36d7d7e4847b815fe42660633d323633112b2ceb5d29cf71c15d58a9e0e9

30e80af5b3ac18ff348a987242672b7b2aeb2a18bd33907154c6146c10cb95d57c6779bbb9dccedc3

60d841c8ff341d9c1660d463fdf0a5542825fdb605c76ee60e967924dd9b495c91336b8a4fb570fad

f082abc819d8754162255d60c112b53ebe9bd7d632c40e5f4f88b4f9d9e01397e7d231a1dcf405b91

8fbfee495c907b0bdeffed27f70680ea1c76357582cdb3816140172a3f7f9e66f55d3b626fbbda886

8277cb6d1a075c3785adea466619b9e2bcdc6444aa1dc7abed798d1c3cdf9c644082ed09cbb808c1c

89150b5ce1734e3f4d4a9c1e895d7233b6e125efffe0dae94f44ad5bfd2d505fcf1320016c6947ef4

634fcfb64190c1003c4cc496df764c2ae27577a371f1d5f07caf3d1346fba1528a72b8d7d735b16ae

5ec21962a0b4107a95356370b9c7049f0d35735873fc3265c08cb2072f9a0e692857b1be208d4a7b9

50d55cb25c0eda00636ab0011862c3f5152d70f4b016c7fdae0f419ce76099f404e0da3090b817695

2695dcadb11e6f25be98f99b9138c77e2935b61609af6b62f0b4df9cd38f3bf91ec18cc3dafb779d6

451058b478591bd517b1b2e9763f55b4e5d9160091640ba463f583fe517c3d203048dc79c9ce95b23

0a62bd751d61db7cc531d8d03c5c5e0708b86a73cffe1b10efbd944219ba8049a45b11718e7b6878c

804be84be28a3ac561b6091029c009f21b64f001e46af9d9bcfe2bbcf4fb87ecce6986589243c37bd

e7ef4823e481eadfc8d09f73ac0f2f93dd8810c0c99faae3a14b7260071d66b8eec2f43a31e89a85c

7e0d6fcd4927fa2cc6dc9b5089497694778bc79bbcf32dd21a07a29b81cab0ace13ee2b13c267939f

f1061cf929364672ed69cfdef512e782ad835d400d5fd8033d472053946d8e98f7ebcd350002aeff1

06fb2094c01443256465d13547c6d7eefb4ba4b3680d7d041f2e92a2ea1731f4a8043aaa58c3d3a07

3b85c057f25a5bce1a85f02f305d1525626cc858960e13ebbf8d185dee645b2fdd9c08dc6cf7bd1b3

8cf58d3cffb63c9add7053c45564a294e8e0cf6e7b060323abcee315604ec29ba53a15a7b7a727a65

b140ea775aaddc0d7c31bad57aa74bb24a1afe45a29e03cd37ddf8b4060f83c307918e47612bbf888

2fa99d8a995a0041115a0a44e491935dbfc8d332c5691925df86bf78531d5db5999b3d4d699e0f7f1

9ffde7b261043c81022d9e36c4bf029346586f6615a720fbc9fe33df6f1ff093be59a12d2492d5843

6f94d9e55d8de70f21be203863faa15d41c077a35604563e1c328e9175713a978424bb81c1b765a14

d98778682835169cf03e1c7c3365f5067d03a00d162528ce0f6dc67ffc051d1a560fb7228e67feaf9

0f7209f15e1b8a386e7bfe67868a06e96ec4c5a781e495e404f0f965b675d3d6a814d8694f3d40c0d

83bc20dbb71bf7893e3bec02df71826df7df487e71bee76c843f13476bf24eaae4e186e3b999de6ff

0e413894eb13c23299ad4bd43c713a9688120662d656eecb771bea394898e14786e61c69e4bffbd2d

b85e7954286870a1e7e3773bb5db6dfadfc4b1e4fefea1a18a4db538840832bcc4d0fae1154b5c5ea

ae3dadf297c1a8b284b1f3c5b619f7391027c33926e7bae9965289929b875cffdf58522791082e0bb

8534fe2c7afe27471d256c4fcbe7410f15f56615e3e83b5115ad60d59d2bcafb43f3b1bef4734428f

6fe5f37031b196ac4f241cbe663236e8c6bfc5d181649273c2714034612e7e53b4678186a727b2e20

fc3a4fa3b1a484bb2cc1c64d8c7894111e9fba4f93b270088e560ea4e475ccd5a463bdf5ae4c55403

14f4d1b4ccb223565be33186fda62ff6add815103ada50dd9d95b7268abbc0d9454ff4adb767a009c

131ce22fcd0347364b2d8ea14a829a133bcd813a55482f6920835b50db13120f4c2eb6217dc58349c

9c6751a1b7cf2a244a0cda206ba45cf904affc1ae1960bdd071bd7ab489ada64148e320192565178b

2ef39f6dff6a95cd5e2c4b11e7020c98d38c814273c82ce85c254757a5f4680f655684e2a1e175ded

497dbc5f8557c3ccfcfb01d3e29976c74dc1025547251e6721a1ca490b78c60ae2e00526ae49c25f6

1fbbb86f65f663bf15dddc2da717d9393feea5283e45301f454f875bae3e90616de108bd9de7185cd

9cb19b5006d54742924dce22d231757348caf2657c5421b14d02f8c58543bd21cfb04476012db6a23

c85d1266cfc998a4f6660656d3c8c16fbef9ab5007c6349b6419e3c330fa70c48807e42aa8b13a84f

55c1b71b4a184fbc6ddfaad2ec599354f8c8d32fd330ed302b5d0b23f8a627373dbef5ceb7cf8032b

c6edac085fdae02c27cc9253da2d9adba2d756721765e9fdf48059489f24d29c29b91dd60d6e9fdca

76a918a4a42bb4af2ecf3fea223f48fd9cf8efd8dc069b989e9c0eebaaa092ee328e7196ae00ad6ad

6d8717cc7d3539b6161d6c9eeb533ef041859d0ac82323cc36b2886a1dfe837f9d1650400b120fed2

40a70911a45c8fcfb77876aea5504f45b6d6d0c6c6686284dec1b3c1dde330da17e174978ad10ae2c

12375c3f730748f8016835b65c4a5b74e516199a6920b98f9eb445ba165c450a10157a1d14c26643c

343811c61a393a11287976a2e5379e40c307203d9d88134139fc27f78221ef3640b8fdd93093a473e

ff0023f1a053e56b4dc0f25c8617e1d4fb9ecac53d6566d5549d89bed5770ccb04e05dc5619a8271c

1319fb68198d4cace3aeaa8cd394e471438fd340438d24ac1bec89359e4afb78425346a7c6d7c8371

82076d875821faad233f5ae7b5d497afa7296323ac0c1b3ec459f112ac4b8445a184b1e56c99180c9

dd46cedcf166a013ec8834bb71a2813fe3902b21db08e4dc3c7535647690c25cf234cf88b06e03852

ed46cb88d19c484efdef3c023cad46884dc3c921e0039a413e197c53dffa99115014511d44c11ead7

d4fdd448a432114efbf7699096417ec2f58ca66bcdcade2c8fb5c8ae8f64f0d9651c5347936922f86

96ec347267a191c60db0564a6f72dbe6398fc770588e9b95f5efdff4c978fcc96e9529d16d3931c1c

e579bb9610af1baf5a54e95580e185f28e4101e6bbe4e134490f1f7bad767229f00cd0eb551a32673

c8e972e46964becba6e69e228769f974c8831ca348841aaa53d4d49bc5ff94fd1f10feba0dad0c410

ab8d3dddda78515c65fd9170f334850903b3399a8ca6f8cde0225875d6b776c4284583be1a1080ed5

d164557329fc8add2179cc50e19b84a33cc7ab23072eb71fb3e456d3066b3b1fbfb7a576539f491fe

da107fb28adec02f90957e8cf62aab80ea218ad264a3721009d2ce844f596964e347e949471d98e2c

0256bea6f063c57be965bd5fdef45724dc5b39bbef6d747b463e2728fbeffc9cd8b2549b4e42f2860

3e44bf5e4571b53f91fc0d91ccf5630f160d7215a8abda57b83d20d19dccf70134d4be55825249df9

b1ee450c27b9524d1eda21adb4a53e71114f92be2062fa466caed60a2fdb98abb33d441bfe8b3f6ee

adaa79697004bde75c53dba9fb055ab09e38ae2dfecffe3923c62bc685c20dd672edffeaaf009fbe6

2a1cf332ff0ff8da25dafdecdbc2fc2329baa4de2d3d36242e75d3d86e06781d4eba7dcb1c8f0a7a3

3a036b9eb1a7a5bf27fcc63c480c7e9bd5a33a234a60eb91bf0d0a0b0c2cd95a30d2eb53f4b9e696c

b90887cfd95e84a0466ffab3614665da5a27a612a44cd1d1a4b7336e7dc197cb1e600f7f3499728b6

3c4f9204ecab79a06696eaf4b7fafb4b528e5440b2efef7640f31b8a763ac7464506fd18b44cadc2c

a0aac52afdcfc550eca4e48bdfd65c54fa012fd29cba54c64e63248cdd61f892b997eaf2d729aa7a0

47d02be547a188a3cf04a4b98f013f77e97b790d994e95439b99fc6b495d8594c448f30196cbbfd99

67218200b7529e614bf8a9abf47fe597398049af67c4d1c9a4fd9af83f30cf35bbb046248872a911b

3007b2ca26595e21576791b45391f718ae2b6653a68cab90066189174a47ff7d049aca187f872bb6a

169ea8f16e7529b77aae72059f7726fe0413295779ef5fb745ae9e99099b0489b3eb2ac6d0cb79220

0bb5e57c2ee6c7b33200

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 135664]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2008-07-07 25600]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 213120]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-09-03 37456]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 142424]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]

S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [2009-06-17 17992]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]

S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2010-08-06 26176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-17 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-13 19:11]

2011-01-17 c:\windows\Tasks\AWC Startup.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-14 21:19]

2011-01-16 c:\windows\Tasks\AWC Update.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-09-14 20:24]

2011-01-17 c:\windows\Tasks\Free File Viewer Update Checker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-12-06 16:25]

2011-01-17 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-05 15:47]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-12 c:\windows\Tasks\HPCeeScheduleForAntes.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

2011-01-17 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-10 12:53]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-12-23 19:09 83696 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-06-22 3866624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.my.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=localhost:8080

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Refresh Pa≥ with Full Quality - c:\program files (x86)\Propel Accelerator\pac-page.html

IE: Refresh Pi&cture with Full Quality - c:\program files (x86)\Propel Accelerator\pac-image.html

IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html

LSP: c:\program files (x86)\Propel Accelerator\prplsf.dll

Trusted Zone: nbc.com\www

FF - ProfilePath - c:\users\Antes\AppData\Roaming\Mozilla\Firefox\Profiles\4v4j0vpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FinalVideoDownloader plugin for Mozilla Firefox: downloader@finalvideotools.com - c:\program files (x86)\FinalVideoDownloader\Firefox

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Antes\AppData\Roaming\IDM\idmmzcc3

FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Shop to Win: {46d606b0-a645-11df-981c-0800200c9a66} - %profile%\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)

Wow6432Node-HKLM-Run-HP Remote Solution - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32

AddRemove-YInstHelper - c:\windows\system32\regsvr32

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a1,23,98,13,80,02,5e,65,69,62,2f,ab,e5,a1,da,fd,ed,5f,e5,98,02,

44,e8,36,f0,d1,c6,4a,2c,86,05,a9,db,6b,c6,ad,61,33,83,88,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{cf0c4bbe-795b-49d3-9c15-a8bb9cccedcc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000136

"Therad"=dword:0000001b

"MData"=hex(0):00,3c,62,a2,9b,57,4e,6e,1c,89,3c,8e,cf,82,1a,ba,1a,10,80,d7,56,

1b,7d,e6,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-17 21:48:58

ComboFix-quarantined-files.txt 2011-01-18 02:48

Pre-Run: 317,847,818,240 bytes free

Post-Run: 317,746,143,232 bytes free

- - End Of File - - C68DE0E4F134F4F06E460FBED1C8BDDE

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. 

KillAll::

File::
c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Internet Download Manager\IDMan.exe


Folder::
c:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=-

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

Ok have a good night and thanks for your help and quick (really quick) responses tonight.

I ran the text through ComboFix and everything was going fine then at the end it said it was "Uploading files to server..."

Then I get: "curl: (55) Send failure: Connection was aborted" The upload got to 90.2% finished.

After that I got an "Upload Failed!!" error box which says the Webserver appears to be temorarily inaccessible. I located the file location which sent me to a web page with the path to a zip file. It wanted me to send the link to Bleeping Computer for analysis but I wanted to send it to you instead. Sooo, long story short, I opened the zip file and copied it and I hope it is what you need. If not, I'll try this again.

Again, thanks alot for your help tonight!

ComboFix 11-01-17.03 - Antes 01/17/2011 22:25:57.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2049 [GMT -5:00]

Running from: C:\Users\Antes\Desktop\ComboFix.exe

Command switches used :: C:\Users\Antes\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"

"c:\program files (x86)\Internet Download Manager\IDMan.exe"

"c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Ask.com

c:\program files (x86)\Ask.com\cobrand.ico

c:\program files (x86)\Ask.com\config.xml

c:\program files (x86)\Ask.com\favicon.ico

c:\program files (x86)\Ask.com\fv_401.ico

c:\program files (x86)\Ask.com\GenericAskToolbar.dll

c:\program files (x86)\Ask.com\mupcfg.xml

c:\program files (x86)\Ask.com\SaUpdate.exe

c:\program files (x86)\Ask.com\UpdateTask.exe

c:\program files (x86)\Internet Download Manager\IDMan.exe

c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll

.

((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))

.

2011-01-18 03:30:08 . 2011-01-18 03:30:08 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp

2011-01-17 05:40:37 . 2010-12-20 23:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-17 05:40:32 . 2011-01-17 06:05:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-15 19:49:43 . 2011-01-15 19:49:43 -------- d-----w- C:\ProgramData\KingsIsle Entertainment

2011-01-13 12:46:50 . 2011-01-13 12:46:50 -------- d-----w- C:\ProgramData\ProcessLasso

2011-01-12 15:30:41 . 2010-10-16 05:17:44 720896 ----a-w- C:\Windows\system32\odbc32.dll

2011-01-12 15:30:41 . 2010-10-16 05:16:01 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-01-12 15:30:41 . 2010-10-16 05:16:01 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-01-12 15:30:41 . 2010-10-16 05:16:01 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-12 15:30:41 . 2010-10-16 05:16:00 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-12 15:30:41 . 2010-10-16 04:34:37 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-12 15:30:41 . 2010-10-16 04:33:27 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-01-12 15:30:41 . 2010-10-16 04:33:26 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-12 15:30:40 . 2010-10-16 04:33:27 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-01-12 15:30:40 . 2010-10-16 04:33:26 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-01-10 22:43:25 . 2011-01-10 22:43:38 -------- d-----w- C:\Program Files (x86)\WinUtilities

2011-01-10 22:43:25 . 2010-07-26 03:23:22 56496 ----a-w- C:\Windows\SysWow64\wbhelp2.dll

2011-01-10 22:43:25 . 2010-07-26 03:23:22 544768 ----a-w- C:\Windows\SysWow64\wbocx.ocx

2011-01-10 22:43:25 . 2010-07-26 03:23:22 33968 ----a-w- C:\Windows\SysWow64\anim.dll

2011-01-08 07:11:04 . 2011-01-08 07:11:04 -------- d-----w- C:\Program Files (x86)\Text2PDF v1.5

2011-01-08 05:17:46 . 2011-01-15 09:45:06 -------- d-----w- C:\Users\Antes\Calibre Library

2011-01-08 05:16:44 . 2011-01-15 03:00:53 -------- d-----w- C:\Program Files (x86)\Calibre2

2011-01-06 03:14:46 . 2011-01-06 03:14:46 -------- d-----w- C:\ProgramData\Trend Micro

2011-01-06 02:47:24 . 2011-01-06 02:47:24 -------- d-----w- C:\Users\Antes\AppData\Roaming\Avira

2011-01-05 10:26:02 . 2011-01-05 10:26:02 -------- d-----w- C:\ProgramData\kinoma

2011-01-05 03:11:40 . 2011-01-05 03:11:41 -------- d-----w- C:\Program Files\Perfect Uninstaller

2011-01-05 02:17:47 . 2011-01-05 02:18:22 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2011-01-05 00:31:05 . 2011-01-05 00:31:06 -------- d-----w- C:\Program Files (x86)\Virtual Villagers 5 - New Believers

2011-01-04 23:45:09 . 2011-01-04 23:45:09 -------- d-----w- C:\Program Files (x86)\Ace File Shredder

2011-01-04 23:36:13 . 2011-01-05 03:45:40 -------- d-----w- C:\Program Files (x86)\Uninstall Plus v4.1

2011-01-04 23:06:39 . 2011-01-04 23:06:40 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-01-04 23:06:31 . 2011-01-04 23:06:31 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-01-04 23:04:33 . 2011-01-04 23:04:33 388096 ----a-r- C:\Users\Antes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-04 23:04:33 . 2011-01-04 23:04:33 -------- d-----w- C:\Trend Micro

2011-01-04 20:53:56 . 2011-01-05 02:23:36 -------- d-----w- C:\Users\Antes\AppData\Roaming\GlarySoft

2011-01-04 20:53:56 . 2011-01-04 20:54:25 -------- d-----w- C:\Program Files (x86)\Absolute Uninstaller

2011-01-04 20:51:47 . 2011-01-04 20:51:47 -------- d-----w- C:\Users\Antes\AppData\Roaming\URSoft

2011-01-04 20:51:43 . 2011-01-04 20:51:46 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 2010

2011-01-04 04:00:36 . 2011-01-04 04:00:36 -------- d-----w- C:\Users\Antes\AppData\Roaming\NwDocx

2011-01-04 04:00:24 . 2011-01-04 04:03:26 -------- d-----w- C:\Users\Antes\AppData\Roaming\Docx2Rtf

2011-01-01 15:57:07 . 2011-01-01 15:57:07 -------- d-----w- C:\Users\Antes\AppData\Roaming\Sleepwalker Games

2011-01-01 15:56:42 . 2011-01-01 15:56:42 -------- d-----w- C:\Users\Antes\AppData\Roaming\StoneLoops!

2011-01-01 15:56:42 . 2011-01-01 15:56:42 -------- d-----w- C:\Users\Antes\AppData\Roaming\Saqqarah

2011-01-01 15:56:42 . 2011-01-01 15:56:42 -------- d-----w- C:\Users\Antes\AppData\Roaming\MagicMatch

2011-01-01 15:56:42 . 2011-01-01 15:56:42 -------- d-----w- C:\Users\Antes\AppData\Roaming\JodieDrake

2010-12-28 18:40:17 . 2011-01-11 18:20:15 -------- d-----w- C:\Users\Antes\AppData\Roaming\HP Support Assistant

2010-12-27 14:55:49 . 2010-12-27 15:06:31 -------- d-----w- C:\ProgramData\FarmFrenzy-PizzaParty

2010-12-26 20:52:09 . 2010-12-26 20:52:09 -------- d-----w- C:\ProgramData\3DVIA

2010-12-26 20:52:08 . 2010-12-26 20:52:08 -------- d-----w- C:\Program Files (x86)\Virtools

2010-12-23 21:40:53 . 2005-09-01 20:13:28 245408 ----a-w- C:\Windows\SysWow64\unicows.dll

2010-12-23 21:40:52 . 2011-01-05 02:55:53 -------- d-----w- C:\ProgramData\Recordzilla

2010-12-23 21:40:52 . 2011-01-05 02:55:49 -------- d-----w- C:\Program Files (x86)\Recordzilla

2010-12-23 21:40:52 . 2004-03-18 23:11:16 751616 ----a-w- C:\Windows\SysWow64\VBOLock.ocx

2010-12-23 21:40:52 . 2003-12-22 13:20:26 4608 ----a-w- C:\Windows\SysWow64\W95INF32.DLL

2010-12-23 21:40:52 . 2003-12-22 13:20:26 2272 ----a-w- C:\Windows\SysWow64\W95INF16.DLL

2010-12-23 19:00:32 . 2010-12-23 19:09:44 142424 ----a-w- C:\Windows\system32\drivers\idmwfp.sys

2010-12-19 22:45:00 . 2010-12-19 22:45:00 -------- d-----w- C:\Program Files (x86)\Audio Editing Tools

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-31 18:58:18 . 2010-12-02 01:56:23 23104 ----a-w- C:\Windows\SysWow64\svcprmpt.dll

2010-12-31 18:58:17 . 2010-12-02 01:56:23 30976 ----a-w- C:\Windows\rascntrl.dll

2010-12-20 23:08:40 . 2010-09-21 03:02:21 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys

2010-12-13 16:13:26 . 2010-12-15 22:46:08 73728 ----a-w- C:\Windows\SysWow64\TOverlay.ax

2010-12-13 13:40:21 . 2010-07-09 05:56:55 83120 ----a-w- C:\Windows\system32\drivers\avgntflt.sys

2010-12-13 13:40:21 . 2010-07-09 05:56:55 116568 ----a-w- C:\Windows\system32\drivers\avipbb.sys

2010-12-09 11:23:06 . 2010-07-23 04:44:22 466456 ----a-w- C:\Windows\system32\wrap_oal.dll

2010-12-09 11:23:05 . 2010-07-23 04:44:22 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2010-12-09 11:23:05 . 2010-07-23 04:44:22 122904 ----a-w- C:\Windows\system32\OpenAL32.dll

2010-12-09 11:23:04 . 2010-07-23 04:44:22 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2010-11-30 21:48:00 . 2010-07-21 23:22:57 16384 ----a-w- C:\Windows\SysWow64\msdrve.dll

2010-11-04 06:35:53 . 2010-12-15 05:28:19 1194496 ----a-w- C:\Windows\system32\wininet.dll

2010-11-04 06:31:34 . 2010-12-15 05:28:16 57856 ----a-w- C:\Windows\system32\licmgr10.dll

2010-11-04 05:52:17 . 2010-12-15 05:28:19 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 . 2010-12-15 05:28:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 . 2010-12-15 05:28:15 482816 ----a-w- C:\Windows\system32\html.iec

2010-11-04 04:41:26 . 2010-12-15 05:28:15 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 . 2010-12-15 05:28:15 1638912 ----a-w- C:\Windows\system32\mshtml.tlb

2010-11-04 04:08:54 . 2010-12-15 05:28:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:18:17 . 2010-12-15 05:28:44 524288 ----a-w- C:\Windows\system32\wmicmiplugin.dll

2010-11-02 05:17:38 . 2010-12-15 05:28:44 473600 ----a-w- C:\Windows\system32\taskcomp.dll

2010-11-02 05:17:38 . 2010-12-15 05:28:44 1169408 ----a-w- C:\Windows\system32\taskschd.dll

2010-11-02 05:16:53 . 2010-12-15 05:28:44 1114624 ----a-w- C:\Windows\system32\schedsvc.dll

2010-11-02 05:10:47 . 2010-12-15 05:28:44 464384 ----a-w- C:\Windows\system32\taskeng.exe

2010-11-02 05:10:32 . 2010-12-15 05:28:43 285696 ----a-w- C:\Windows\system32\schtasks.exe

2010-11-02 04:40:36 . 2010-12-15 05:28:43 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 . 2010-12-15 05:28:43 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 . 2010-12-15 05:28:43 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 . 2010-12-15 05:28:43 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-10-27 18:28:46 . 2010-12-12 13:39:08 11320 ----a-w- C:\Windows\help\OEM\Scripts\HPSARedirectorLauncher.exe

2010-10-27 05:06:22 . 2010-12-15 05:28:50 2048 ----a-w- C:\Windows\system32\tzres.dll

2010-10-27 04:32:36 . 2010-12-15 05:28:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-10-20 05:20:01 . 2010-12-15 05:28:33 46080 ----a-w- C:\Windows\system32\atmlib.dll

2010-10-20 04:54:18 . 2010-12-15 05:28:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2010-06-28 01:44:50 . 2010-06-28 01:44:50 962560 ----a-w- C:\Program Files (x86)\ePubMaker.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-01-18_02.47.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-01-17 23:50:41 . 2011-01-17 23:50:41 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-01-18 03:31:03 . 2011-01-18 03:31:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-01-18 03:31:03 . 2011-01-18 03:31:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-01-17 23:50:41 . 2011-01-17 23:50:41 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01:48 . 2011-01-18 03:30:17 321804 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01:48 . 2011-01-17 20:49:53 321804 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 17:47:28 62768]

"HP KEYBOARDx"="C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 15:58:40 715264]

"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 04:24:20 98304]

"SoundMAXPnP"="C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 14:57:30 1314816]

"Buttons & OSDs control application gen3"="c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 18:17:50 212992]

"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]

"Propel Accelerator"="C:\Program Files (x86)\Propel Accelerator\PropelAC.exe" [2010-06-03 21:27:04 266375]

"MSN Toolbar"="C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe" [2009-12-09 19:51:42 240480]

"YMailAdvisor"="C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 10:53:34 174424]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 15:44:46 248552]

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 20:13:18 54576]

"Reader Library Launcher"="C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 05:34:46 906648]

"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 08:40:16 180224]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 09:47:04 35760]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 04:07:44 932288]

"Trend Micro RUBotted V2.0 Beta"="C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 14:33:06 1103184]

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 13:39:54 281768]

"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\iexplore.exe" [2010-12-20 23:08:46 963976]

C:\Users\Antes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= 7a23df767d732154398173335d1012ab3314bad9742c1a03616d857a0f61eac5034f06fbfebdd871

1a34569516435e1aefc6ef56b06899e88a67329d2797cb943caae2a15eaed9f016d7a7ebd3377fce5

d6f6b8dd71d505652629682177b5b44dc4ebbdc30424f0d1954f3d0fb67cd4abbdc8afc2563eb3a8b

1181deafb2b43de3600a5a6f54a65a33fd0f388e4f34ba7e5eaca4082b422bdab5beb0ac2f75ab9ef

39b20c5273cbea98838b4476b97bc06ec1c58ed471d5b128691ac565d6b474f5226848620a29ce35e

2e69655ce66d164e3f163face040d8d8b4fc42013d9038482bbe0322e32d4aeefe07b6fa27e450d3e

bee6e02fd1df963184c28dae5928e421fcf57a6f585cfb4b0ea236e953b6c230d52e99e037b8c9d8e

84b984d0134a531d3cd6d66053331bbbff39296e90c9effad0930e7b86a3036d818136aa8967cb558

c9ac3fb2d3f7e0d696f7f947a8e7020fbd866014e3c65ba3b6e27b3d938192eb210a77c22f0b97100

627e1580da689c5849789922efbb6e0271140788c82b3dc8d8c709c3080fec2fc9ffbc154a1fb94d5

90fcca9cb640c701fb2860e5eea3e0945e77137a6431d2f0c6fc3fd9e036c1a4652ea9a124260a8da

5a0530231d24db43976740c635565811feda1b33452e88ea66395bd5bd32c0fe7a9117d59e6bf8251

8ff74462e8c9e941f664a21074915a702eda6c194db325a497e4665987dc1ce0d481fb1a7f1fecb7f

3eda2dabfc1c38629653c561c3e6c1a48d4a1948d9fb87c06a9af1e9f90c7ce37a8853c1fbeea385c

e5bea4beafa72c48f1d18e6298c52e2771c7157ec8423c5566d3b44bdc8b5768e64f4baf8c04fa297

1dcca750d82b1c7cf9f727614802f8595b141c1eba3157f3e9daf97953df5f26ec75bcf415881956c

0539b70d42d0587d3a67db7bad293e429e57ff2c300aa39d84b7133414425788c5656ed59ae513804

4ae77785fa53703194ac108c10cb39c1a1c871ce9cb3566a282bdf3e9f2ce4523729e1c6e25bf7c27

35833af01e713a89013462bee7eb415dcf8becd6e50c7bfb56af30c9a922e7f0d1071c360fd40d4ed

b55577b4ff4c475ff0e67c008ec20165c336a5b175a11f51acfd5031f3b4c92f00b58dcf97c61831a

b1ca041c6299a2eacb5801d3b30d21e96475a5f83b5b59f105c0fe67d942e7456c3b2f7e0e52d9b01

b60e0bb8b4e64dcf141517b6d7a70c0e677185607a5d910e39023a8aa2780bc52b6aceeba86c9a4d6

e8f0e9eb933d7634b1d78a556c94ae99c02c161d5aff26451f0521cde6ac17fecbadec780ef011d86

05886f1dd98260ebc7eacee6417d58c571c91eb41f87c84cd62acac242b8e65fddd9f230ca2ddbfe0

1e3ea80ad8846d0d21cbb1c336bb99e739aa0ce7a013ad61a388946f3c975c40994159c97e278c36d

be12afbae2bf9b5c0c57d00a5f8322d306cfbdc71a0022f4c6a76c94a9f6d8847bd384f8f42b776de

989e2e0b8e7a53ee7c3151b0876fda6e0c2e2ddc8aa8cfd52a286c13d305654bb52575eb74fd4ccff

063f1aaa85805d09298d87db073be7c08b53eff05fe93a2d8fe9cdf6eaf39efeab6952dd59c64b04e

b31e2f63051f1b56e64957b498b32abe768b70752d7eb23231e69471a4befce7f6cd57c970996b3c5

43de3b45b6e5421da4fca2514f656357a66881ca24a3ef62f6a2db245cb034d651ec6ab66e9f756b0

ccc183ca90967808c8e8756ac8cb596cfeebf8907ef477cd2e1b4a8363860d07e6801a030277e3688

1902e024ab4f28013f560ea68a04949f3b5e802dded05d3cffc2c395926dd85592ed179ee997508c9

08cf06bf78e8327a7137703269a98238e1b3807d3b27d56d14276b12b2d0a361f088bb9bcfd8e5150

6dfb1720d9602a5d028bf7534f57b7e270c638324150e1a3f17bf00363ac0704d43de7edbfcf7b8ff

de2187b31a2037263c704341deb1259fe91831ea7f28fac2a25016fd09f8e1d0e5465f4b41f074268

64592b53f4f8a71a31ccca1072e048a9a9713832424418c04f3d1267e32e7dacbbeda73c24a9d2de1

87e7ca6ab8846e46ba5b3c97c719a758f3692fafa43bebc26b0e72f4042cee23190c0bdd1646a8657

64efaa14f2383b62508b35d7086005be8b704cc7180ee0fddfba13f967f439552d4e64648dc57220e

6bc514a64fabb625c93af84396c12d3294e9509867a8b024d47f77ed30cea22b3400cc10be078dae8

11cd62fe0781c39d257924e066d7eb27fb1480c8354e5402a6e32332833e754a4df16b7eb1d104b84

0ac8dee6ff281fbcc91caf3add29a10f560fef643acb63c6a8f4429223143bbfc2bfaee9ce8313a22

51435ee9a9755c74b586c5a5218736301fed235051e5d3b8e9e7accd0e8eb11282d2a749e48388426

7efa315c0ab5b6c854415e171d793095d2f7db16b2e4167856e1d3c06277ac9b6547c70fc11d7e44f

48e4ecee8cf464d145e484df0ef164615bcec0b75ff4f9492d3a5dc11da5a5a8777181cb2d38b1ecf

d7343ad8f7747b18f92e25c5ff19edb09c1046577956dc0e608150698a371a9c901c3b5e530eb55f8

5b809966a61f76dc5a030e8642d6328354c7269694dda41e36bf8b234803845883fdd0fe344620d3a

b3e5fe356ec8908359fc0b28ed59de4e25bc47f1fb6bbc317c2fc13319948f85fb63f69505a2e4ae6

2f2832ea2c5871ffb89552d412379d9ef02960c666f240efde0acb2ada566cfe7d4e262e1162b6545

b952722cedfa1eeffd0816e5977afc012822cad5da6eb2ee242e22f6b3f6094e03aa17a75e5a0bf22

aa2cc453923e71e1668a7a421354e1fc539d85bc608afe3974ee2cdf31ebdd17efc652ea1d80950c3

5fd0c1aef654f20b5cb375e580d374c01fbf0db6abbfffe4e6b1a691d095b98f590db14ce6483f2f4

f01f9cbb8eb4d36ea714f5881bbdaf7c27e3acc8bdf4391e09671ff046d8995fa20c66fef1d61dd9a

33bc1b6f3d4959a6274318f640bd6a559caff37be88386fa565330c62ad196388fe1ea414ae585fe7

67d1477a14db35cd01eda370a03d092be643af4f77da507b053a54495170a1d49e04b37766d8efd64

d53342353bfb49a4df0024e96276b2802358a2d13e417ff709200a7921fbb91c10adad83fd6e0c4c3

b35391285adf12736739e9d6c3d063ea435bdf5f65b1e66d116cbc18cc4a35b22ed3caa1963cec621

c8c98cec7fd2c9d00a579284755197325c2036a62e25c6b779990054695a2000976c09d89331b1e90

b9d2f689a0d5fcaae553d6576967fdf7874dcd45a22ddb52164189c96f39d877d9df7d0bd8f7361a3

a695e6649a2bf5f4537a8ea11cb40622c331adce3d90ab0c55e3634588470cb0a4ac31f6a588e4baa

989e4a7bfa39793731969c5e4cd959cf3b804a8f864351c63e3f2c0a345449e06accdb80c73d2dd90

fb036d511026ede238be1a1cbfe8212bf90c1b0105d600aa2078282dfa00551acca9111cb9c1cf1e4

64c822f4907baab77485ab98643a382f27986708aa29a8a6f22b55c754ef8aeae87f360f3b8372be4

466124a9ab47a57e3c7b39a90a2bee0c71d2952a142dff796f8447a35debd822e197a1d4f1893ce8a

bddb8ec0f9d1f10815e6b5f3ebdf9b13567a75bee754810fda0af52e489fdbd19d1e1f034d80e724c

3cf22329a8c6446104ef162b8ad17696e5ec26f909f4a336bd6a38feaf475483fb92098971712e299

acbddfee0fb0ee45bfbeab9b5a5dc2b9104c05fe5679bd5edf213eabc839bf13120d68ea5627abaab

472d8390d9fec6a72c8aac5dc53ee8b1d1a3df516c8d5a0bd2b86b3dff4d8f9a135c172d1112e704e

7a91a6c9eccd82cd5b52bcfd69892f9ddd72e955518b7e312af5a1ebced2f56d10f12092efad212d8

112e44c2a4214be111731d2d50ae2627b54ec8c10ac5223d01d2e41a64ebc75b177a2dd69bfbcf725

b0bfb4e0e81cce3c11275cc71378a37e8791308f6fc22363254acedc92bf7fdca0b09906f288eac8d

2b538996b0a1d7f386215d5bc87c8d64b7452e02e0a1354eacb3209cd5b17dd0da748490d1cd138dc

16e91afe9cd234704a013ae68e7f1f57178f2cbb8b9150137926b7ab8e959d9c0b6e6594766ce5da9

0a0048c88cc882b6e0de1295aeabeeae32e98a9fb291ef4c7fe381e1fb41e92912f7768a95fc2366f

b7f62932e1655484b0e647865633e466d7906e25bdaee39e0dce8cc47b29d22bda9053c9d65035fee

558bad37b9edd157f7dbe7d30f9e47f0814ed986544c90365bf24d0a93245365ab7362a6a0125301d

da0a72c7d08a0fd72b1bb514226a72274ef9c75a5e0dff9f0dc7bed45191dd45d5bb7573aa663a133

9a2fe0b5a7dd3c6786f596162c17037d5ce549f98d1a9c301561bb0baef42a9c528c8c1bebdcda861

0a8ac64bc2358605e425f53eeb378b584570482707e403f5dfd6ffc94a20c0e807d51d9dcb26fb953

63682e74f0601dc538b03683f5a14f1a94613ef018c94b5184e828ede43090c70acb39d528ad15ff8

0e1c368c519c1beb45c9b7f0ebf030f6c7d9439891a793bb2eff40cfde6dbc51b7039dda95524328c

2c43e7f1ed0fed88c5a2261521fc8d020a4b0f84e6c9d9a666eff7de2c6d0c137abbc7012a18456e1

f0a4139554336ea6f60cec589b2ba13d1c5947fc160c8d50e289b154c84bd351fd6fa87fe898b2135

60c5c4574d3dd7be0a75a5f6aa8bf351751ed6b6cab1b72e9c176cdd3530b6836cfe72a2b7c7dcd57

f947eeb4e6b06094e132c6e3b4bc61accc5626deed07145125f7bdc404ffd142a8f86b1b6337a9b7c

e789ee93f4af5c54e7a90b292cf6ebfacf7d23b87c2a27fdd8e0d0ffe0270e2cd007bfd0bd48f46d8

b26b98765f0813512ec1b63c2eb72ffea274f10db1cfb288995f0f29ccbc538e515b300013069db54

7b00c5dacabdaf8111be9ea18ab8b513b7fa3960c690642c15f2814ef2df4509667fb595ea2d18220

e3b422a8586fe6ba467e6c5243730d30a598e8f9943ad68a4739d6d2da79657632e11dc0442042ef1

e9eead227b26195a715cbda8a970b0b6010e4efa99a5e7c50fd6ced756bcb136f6e2df0121e97822d

9708dd57aa5b7cecd36ed9526b84d43b811fe8d0c2a1d3fbb69d90ef9befde7dcb13962a85dd8e85f

06abcb85d569f5ccd2fda92b32a224ffb155bf74a8dfe2e8871beea9c966bcd76bd16b353c276863c

158a5ad06e80b644bdd6cf2fa860bf3c6c99c845223fbbfd85b4c4f2bb16d262d7ba4051a2d6b5d89

b7d49c03cd1e94f7f74fc62a13f46bc26370d9e1dbc7b98a504449eb0c8885e073dfbd18e464311ca

e8a16aa0fed4efb3602e3bdf011b39cfaedcdd6a82adc3f091e5358b2728962854de0184a8e42d8a3

b8194dcf09bd4b0fb2b55dda1ee2c353f5d3f168ee0aa3c253f62d9405918e8bf1861be72a413e293

d7f2dd1e94f18cd61b8e61994bd547f646f10d91f0c55f75f5dbe9ac0d9ebf0d7fcafd56e320aa7b2

d5ee33de76e35fdbede4ad34090c8dbe4b376cf4bf1a0dbc5eabdac17e250ca7cb60c29e9153bfffa

95ec61c7b9221cbf94864e4fb3067ef26f217c49b79e446e107f2585d9312395d4059996e2e322cc0

e3dba53cd4321fa845680544bbe4f0df19f767b4029b37582103b68433ca4a759c1029f032211519c

0d7013f65ca9395028004731a567b443a7f58f64659368fb7df96e8839d9d57f11597b5771c7cadeb

b88e0cf9052eda64c9bddb3cf52386e83cc460a9a01764d98f8009e1280caab60b521887e89522847

77ec6d7d09dfdaa87224d1b0cef2fcabab35ecf4c73c007d1bb2896619cf2bce33cf86e99ca416525

2e858a35c152f4350f88580196335def72329aec731bfe2852c72a31f0f07b6142cff230bccd1d6bd

9129156b8f5d312a505bb17e1ce0ac2b77ec7748ea72809507537a0ea78dbbc176b0e2dcb292bc0a2

f4469009f45ba5210f5de8cb64c3e7eebcba5d774b3a4f2f5067635fc086b9e269bc5985ad8c6b1ff

5830ef12fafdb676e04feb8cbbaa5a04496155f31b4e9e259cc687b44fcc58d95885f1033eecb126e

fc7965605daa594475a8ce873a486af3a2f7f99378dc0788917dd2e860b83f6361f1bec5cd8ab4c4e

094a200396d61c6e7ee9c60a1908d9b69d1eecc4e7294f4d793436c7bf8519d996175a6d0e4a29076

fdaa4567b0e4309f33274e45d4682c11303f8bbbe3fd0d2ddf6ab824e636a742516eb63433c387e2a

20ff0e0ff2435831c750c56ae2f4400432ece0cd1b9dc76e79044af8e3f051c02c6f016d3086994fc

d259af22f592bf451c4bbdd13c04ae88aa20ea09ef89d8674206897259e780d141b5d8380ae685b55

5b1a5d48d9dba02299efae5c03a7e3ed03d41660c4817b29bbe2c839e88797d059d50c93efb7b7de6

491bc5b8d7531a0d4dd9ac7452b0aad36b59ab147641fa80d52df111c8946f5650dda11c31d7137d0

b7a2f2fd5a7969e20f6f86d2aa9957b34e1fb40c2ff022609cb4f7bb3c02bf8a98d4dfafd93878d5d

3488ed101435b6a6a557d3c8b6a1d05761706b46b71908fa98818d58431ada2b8090c12fdb6cfa9dc

70e1f3c0c035675088b891fc448471d68f561ea4e942ae33b7a55aee8b5cdeaea6331fd4bba010dc9

5f6b2d6963d442ab9b6760036895d66ede7faaefa4b69cf8b005b09eee3c6c8ee6adbcb60e53985f9

0460c4639a68908fa0f3564c7d6045198441f937bf105703eb1db883c3cb493f82fcb1ed52a3caf5c

0eb78990aa9a808003cce36d7d7e4847b815fe42660633d323633112b2ceb5d29cf71c15d58a9e0e9

30e80af5b3ac18ff348a987242672b7b2aeb2a18bd33907154c6146c10cb95d57c6779bbb9dccedc3

60d841c8ff341d9c1660d463fdf0a5542825fdb605c76ee60e967924dd9b495c91336b8a4fb570fad

f082abc819d8754162255d60c112b53ebe9bd7d632c40e5f4f88b4f9d9e01397e7d231a1dcf405b91

8fbfee495c907b0bdeffed27f70680ea1c76357582cdb3816140172a3f7f9e66f55d3b626fbbda886

8277cb6d1a075c3785adea466619b9e2bcdc6444aa1dc7abed798d1c3cdf9c644082ed09cbb808c1c

89150b5ce1734e3f4d4a9c1e895d7233b6e125efffe0dae94f44ad5bfd2d505fcf1320016c6947ef4

634fcfb64190c1003c4cc496df764c2ae27577a371f1d5f07caf3d1346fba1528a72b8d7d735b16ae

5ec21962a0b4107a95356370b9c7049f0d35735873fc3265c08cb2072f9a0e692857b1be208d4a7b9

50d55cb25c0eda00636ab0011862c3f5152d70f4b016c7fdae0f419ce76099f404e0da3090b817695

2695dcadb11e6f25be98f99b9138c77e2935b61609af6b62f0b4df9cd38f3bf91ec18cc3dafb779d6

451058b478591bd517b1b2e9763f55b4e5d9160091640ba463f583fe517c3d203048dc79c9ce95b23

0a62bd751d61db7cc531d8d03c5c5e0708b86a73cffe1b10efbd944219ba8049a45b11718e7b6878c

804be84be28a3ac561b6091029c009f21b64f001e46af9d9bcfe2bbcf4fb87ecce6986589243c37bd

e7ef4823e481eadfc8d09f73ac0f2f93dd8810c0c99faae3a14b7260071d66b8eec2f43a31e89a85c

7e0d6fcd4927fa2cc6dc9b5089497694778bc79bbcf32dd21a07a29b81cab0ace13ee2b13c267939f

f1061cf929364672ed69cfdef512e782ad835d400d5fd8033d472053946d8e98f7ebcd350002aeff1

06fb2094c01443256465d13547c6d7eefb4ba4b3680d7d041f2e92a2ea1731f4a8043aaa58c3d3a07

3b85c057f25a5bce1a85f02f305d1525626cc858960e13ebbf8d185dee645b2fdd9c08dc6cf7bd1b3

8cf58d3cffb63c9add7053c45564a294e8e0cf6e7b060323abcee315604ec29ba53a15a7b7a727a65

b140ea775aaddc0d7c31bad57aa74bb24a1afe45a29e03cd37ddf8b4060f83c307918e47612bbf888

2fa99d8a995a0041115a0a44e491935dbfc8d332c5691925df86bf78531d5db5999b3d4d699e0f7f1

9ffde7b261043c81022d9e36c4bf029346586f6615a720fbc9fe33df6f1ff093be59a12d2492d5843

6f94d9e55d8de70f21be203863faa15d41c077a35604563e1c328e9175713a978424bb81c1b765a14

d98778682835169cf03e1c7c3365f5067d03a00d162528ce0f6dc67ffc051d1a560fb7228e67feaf9

0f7209f15e1b8a386e7bfe67868a06e96ec4c5a781e495e404f0f965b675d3d6a814d8694f3d40c0d

83bc20dbb71bf7893e3bec02df71826df7df487e71bee76c843f13476bf24eaae4e186e3b999de6ff

0e413894eb13c23299ad4bd43c713a9688120662d656eecb771bea394898e14786e61c69e4bffbd2d

b85e7954286870a1e7e3773bb5db6dfadfc4b1e4fefea1a18a4db538840832bcc4d0fae1154b5c5ea

ae3dadf297c1a8b284b1f3c5b619f7391027c33926e7bae9965289929b875cffdf58522791082e0bb

8534fe2c7afe27471d256c4fcbe7410f15f56615e3e83b5115ad60d59d2bcafb43f3b1bef4734428f

6fe5f37031b196ac4f241cbe663236e8c6bfc5d181649273c2714034612e7e53b4678186a727b2e20

fc3a4fa3b1a484bb2cc1c64d8c7894111e9fba4f93b270088e560ea4e475ccd5a463bdf5ae4c55403

14f4d1b4ccb223565be33186fda62ff6add815103ada50dd9d95b7268abbc0d9454ff4adb767a009c

131ce22fcd0347364b2d8ea14a829a133bcd813a55482f6920835b50db13120f4c2eb6217dc58349c

9c6751a1b7cf2a244a0cda206ba45cf904affc1ae1960bdd071bd7ab489ada64148e320192565178b

2ef39f6dff6a95cd5e2c4b11e7020c98d38c814273c82ce85c254757a5f4680f655684e2a1e175ded

497dbc5f8557c3ccfcfb01d3e29976c74dc1025547251e6721a1ca490b78c60ae2e00526ae49c25f6

1fbbb86f65f663bf15dddc2da717d9393feea5283e45301f454f875bae3e90616de108bd9de7185cd

9cb19b5006d54742924dce22d231757348caf2657c5421b14d02f8c58543bd21cfb04476012db6a23

c85d1266cfc998a4f6660656d3c8c16fbef9ab5007c6349b6419e3c330fa70c48807e42aa8b13a84f

55c1b71b4a184fbc6ddfaad2ec599354f8c8d32fd330ed302b5d0b23f8a627373dbef5ceb7cf8032b

c6edac085fdae02c27cc9253da2d9adba2d756721765e9fdf48059489f24d29c29b91dd60d6e9fdca

76a918a4a42bb4af2ecf3fea223f48fd9cf8efd8dc069b989e9c0eebaaa092ee328e7196ae00ad6ad

6d8717cc7d3539b6161d6c9eeb533ef041859d0ac82323cc36b2886a1dfe837f9d1650400b120fed2

40a70911a45c8fcfb77876aea5504f45b6d6d0c6c6686284dec1b3c1dde330da17e174978ad10ae2c

12375c3f730748f8016835b65c4a5b74e516199a6920b98f9eb445ba165c450a10157a1d14c26643c

343811c61a393a11287976a2e5379e40c307203d9d88134139fc27f78221ef3640b8fdd93093a473e

ff0023f1a053e56b4dc0f25c8617e1d4fb9ecac53d6566d5549d89bed5770ccb04e05dc5619a8271c

1319fb68198d4cace3aeaa8cd394e471438fd340438d24ac1bec89359e4afb78425346a7c6d7c8371

82076d875821faad233f5ae7b5d497afa7296323ac0c1b3ec459f112ac4b8445a184b1e56c99180c9

dd46cedcf166a013ec8834bb71a2813fe3902b21db08e4dc3c7535647690c25cf234cf88b06e03852

ed46cb88d19c484efdef3c023cad46884dc3c921e0039a413e197c53dffa99115014511d44c11ead7

d4fdd448a432114efbf7699096417ec2f58ca66bcdcade2c8fb5c8ae8f64f0d9651c5347936922f86

96ec347267a191c60db0564a6f72dbe6398fc770588e9b95f5efdff4c978fcc96e9529d16d3931c1c

e579bb9610af1baf5a54e95580e185f28e4101e6bbe4e134490f1f7bad767229f00cd0eb551a32673

c8e972e46964becba6e69e228769f974c8831ca348841aaa53d4d49bc5ff94fd1f10feba0dad0c410

ab8d3dddda78515c65fd9170f334850903b3399a8ca6f8cde0225875d6b776c4284583be1a1080ed5

d164557329fc8add2179cc50e19b84a33cc7ab23072eb71fb3e456d3066b3b1fbfb7a576539f491fe

da107fb28adec02f90957e8cf62aab80ea218ad264a3721009d2ce844f596964e347e949471d98e2c

0256bea6f063c57be965bd5fdef45724dc5b39bbef6d747b463e2728fbeffc9cd8b2549b4e42f2860

3e44bf5e4571b53f91fc0d91ccf5630f160d7215a8abda57b83d20d19dccf70134d4be55825249df9

b1ee450c27b9524d1eda21adb4a53e71114f92be2062fa466caed60a2fdb98abb33d441bfe8b3f6ee

adaa79697004bde75c53dba9fb055ab09e38ae2dfecffe3923c62bc685c20dd672edffeaaf009fbe6

2a1cf332ff0ff8da25dafdecdbc2fc2329baa4de2d3d36242e75d3d86e06781d4eba7dcb1c8f0a7a3

3a036b9eb1a7a5bf27fcc63c480c7e9bd5a33a234a60eb91bf0d0a0b0c2cd95a30d2eb53f4b9e696c

b90887cfd95e84a0466ffab3614665da5a27a612a44cd1d1a4b7336e7dc197cb1e600f7f3499728b6

3c4f9204ecab79a06696eaf4b7fafb4b528e5440b2efef7640f31b8a763ac7464506fd18b44cadc2c

a0aac52afdcfc550eca4e48bdfd65c54fa012fd29cba54c64e63248cdd61f892b997eaf2d729aa7a0

47d02be547a188a3cf04a4b98f013f77e97b790d994e95439b99fc6b495d8594c448f30196cbbfd99

67218200b7529e614bf8a9abf47fe597398049af67c4d1c9a4fd9af83f30cf35bbb046248872a911b

3007b2ca26595e21576791b45391f718ae2b6653a68cab90066189174a47ff7d049aca187f872bb6a

169ea8f16e7529b77aae72059f7726fe0413295779ef5fb745ae9e99099b0489b3eb2ac6d0cb79220

0bb5e57c2ee6c7b33200

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09:06 135664]

R3 CFcatchme;CFcatchme;C:\Users\Antes\AppData\Local\Temp\CFcatchme.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 01:56:34 14328]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [2008-07-07 16:23:56 25600]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 15:08:40 213120]

R3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys [2010-01-18 20:40:26 4608]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 23:03:36 43032]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-10 05:11:05 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]

S0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys [2010-09-03 17:26:22 37456]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 18:23:05 12360]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]

S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 17:49:27 128752]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-02-03 08:17:12 202752]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 13:40:07 135336]

S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 18:05:00 21560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 22:27:38 92216]

S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [2010-12-23 19:09:44 142424]

S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2009-10-20 18:19:54 47632]

S2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 14:33:10 439632]

S3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS [2009-06-17 18:08:24 17992]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 08:55:20 6366720]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 07:24:00 186880]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys [2009-10-12 17:42:24 763904]

S3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\DRIVERS\NW1950.sys [2010-08-06 17:18:16 26176]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 14:31:42 233472]

S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 13:39:58 34872]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-18 C:\Windows\Tasks\AWC AutoSweep.job

- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-13 18:42:22 . 2010-01-22 19:11:04]

2011-01-18 C:\Windows\Tasks\AWC Startup.job

- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-14 19:37:34 . 2010-12-16 21:19:34]

2011-01-18 C:\Windows\Tasks\Free File Viewer Update Checker.job

- C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-12-06 03:45:24 . 2010-09-22 16:25:44]

2011-01-18 C:\Windows\Tasks\GlaryInitialize.job

- C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-01-05 02:17:50 . 2010-11-24 15:47:04]

2011-01-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09:07 . 2010-07-09 07:09:06]

2011-01-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09:07 . 2010-07-09 07:09:06]

2011-01-12 C:\Windows\Tasks\HPCeeScheduleForAntes.job

- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22:28 . 2009-10-07 08:22:28]

2011-01-18 C:\Windows\Tasks\RegistryBooster.job

- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-10 23:09:16 . 2010-06-17 12:53:04]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-12-23 19:09:44 83696 ----a-w- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.my.yahoo.com/

uLocal Page = C:\Windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=localhost:8080

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Refresh Pa≥ with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-page.html

IE: Refresh Pi&cture with Full Quality - C:\Program Files (x86)\Propel Accelerator\pac-image.html

IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html

LSP: C:\Program Files (x86)\Propel Accelerator\prplsf.dll

Trusted Zone: nbc.com\www

FF - ProfilePath - C:\Users\Antes\AppData\Roaming\Mozilla\Firefox\Profiles\4v4j0vpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FinalVideoDownloader plugin for Mozilla Firefox: downloader@finalvideotools.com - C:\Program Files (x86)\FinalVideoDownloader\Firefox

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - C:\Users\Antes\AppData\Roaming\IDM\idmmzcc3

FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Shop to Win: {46d606b0-a645-11df-981c-0800200c9a66} - %profile%\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a1,23,98,13,80,02,5e,65,69,62,2f,ab,e5,a1,da,fd,ed,5f,e5,98,02,

44,e8,36,f0,d1,c6,4a,2c,86,05,a9,db,6b,c6,ad,61,33,83,88,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{cf0c4bbe-795b-49d3-9c15-a8bb9cccedcc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000136

"Therad"=dword:0000001b

"MData"=hex(0):00,3c,62,a2,9b,57,4e,6e,1c,89,3c,8e,cf,82,1a,ba,1a,10,80,d7,56,

1b,7d,e6,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-01-17 22:35:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-18 03:35:53

ComboFix2.txt 2011-01-18 02:48:58

Pre-Run: 317,800,583,168 bytes free

Post-Run: 317,726,552,064 bytes free

- - End Of File - - A8E8FAACCD04D04112DC276BD50143B8

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. 

KillAll::

DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=localhost:8080
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

FireFox:: 
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - Ext: Shop to Win: {46d606b0-a645-11df-981c-0800200c9a66} - %profile%\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

ComboFix 11-01-17.03 - Antes 01/19/2011 14:16:12.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2366 [GMT -5:00]

Running from: c:\users\Antes\Desktop\ComboFix.exe

Command switches used :: c:\users\Antes\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Internet Download Manager\IEExt.htm

c:\program files (x86)\Internet Download Manager\IEGetAll.htm

c:\program files (x86)\Internet Download Manager\IEGetVL.htm

c:\users\Antes\AppData\Local\Temp\7B27.tmp

.

((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))

.

2011-01-19 19:20 . 2011-01-19 19:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-01-19 19:20 . 2011-01-19 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-17 05:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-17 05:40 . 2011-01-17 06:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-15 19:49 . 2011-01-15 19:49 -------- d-----w- c:\programdata\KingsIsle Entertainment

2011-01-13 12:46 . 2011-01-13 12:46 -------- d-----w- c:\programdata\ProcessLasso

2011-01-12 15:30 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 15:30 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-12 15:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-12 15:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-01-10 22:43 . 2011-01-10 22:43 -------- d-----w- c:\program files (x86)\WinUtilities

2011-01-10 22:43 . 2010-07-26 03:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2011-01-10 22:43 . 2010-07-26 03:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2011-01-10 22:43 . 2010-07-26 03:23 33968 ----a-w- c:\windows\SysWow64\anim.dll

2011-01-08 07:11 . 2011-01-08 07:11 -------- d-----w- c:\program files (x86)\Text2PDF v1.5

2011-01-08 05:17 . 2011-01-15 09:45 -------- d-----w- c:\users\Antes\Calibre Library

2011-01-08 05:16 . 2011-01-15 03:00 -------- d-----w- c:\program files (x86)\Calibre2

2011-01-06 03:14 . 2011-01-06 03:14 -------- d-----w- c:\programdata\Trend Micro

2011-01-06 02:47 . 2011-01-06 02:47 -------- d-----w- c:\users\Antes\AppData\Roaming\Avira

2011-01-05 10:26 . 2011-01-05 10:26 -------- d-----w- c:\programdata\kinoma

2011-01-05 03:11 . 2011-01-05 03:11 -------- d-----w- c:\program files\Perfect Uninstaller

2011-01-05 02:17 . 2011-01-05 02:18 -------- d-----w- c:\program files (x86)\Glary Utilities

2011-01-05 00:31 . 2011-01-05 00:31 -------- d-----w- c:\program files (x86)\Virtual Villagers 5 - New Believers

2011-01-04 23:45 . 2011-01-04 23:45 -------- d-----w- c:\program files (x86)\Ace File Shredder

2011-01-04 23:36 . 2011-01-05 03:45 -------- d-----w- c:\program files (x86)\Uninstall Plus v4.1

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\WinPcap

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2011-01-04 23:04 . 2011-01-04 23:04 388096 ----a-r- c:\users\Antes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- C:\Trend Micro

2011-01-04 20:53 . 2011-01-05 02:23 -------- d-----w- c:\users\Antes\AppData\Roaming\GlarySoft

2011-01-04 20:53 . 2011-01-04 20:54 -------- d-----w- c:\program files (x86)\Absolute Uninstaller

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\users\Antes\AppData\Roaming\URSoft

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\program files (x86)\Your Uninstaller! 2010

2011-01-04 04:00 . 2011-01-04 04:00 -------- d-----w- c:\users\Antes\AppData\Roaming\NwDocx

2011-01-04 04:00 . 2011-01-04 04:03 -------- d-----w- c:\users\Antes\AppData\Roaming\Docx2Rtf

2011-01-01 15:57 . 2011-01-01 15:57 -------- d-----w- c:\users\Antes\AppData\Roaming\Sleepwalker Games

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\StoneLoops!

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\Saqqarah

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\MagicMatch

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\JodieDrake

2010-12-28 18:40 . 2011-01-18 18:10 -------- d-----w- c:\users\Antes\AppData\Roaming\HP Support Assistant

2010-12-27 14:55 . 2010-12-27 15:06 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\programdata\3DVIA

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\program files (x86)\Virtools

2010-12-23 21:40 . 2005-09-01 20:13 245408 ----a-w- c:\windows\SysWow64\unicows.dll

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\programdata\Recordzilla

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\program files (x86)\Recordzilla

2010-12-23 21:40 . 2004-03-18 23:11 751616 ----a-w- c:\windows\SysWow64\VBOLock.ocx

2010-12-23 21:40 . 2003-12-22 13:20 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2010-12-23 21:40 . 2003-12-22 13:20 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2010-12-23 19:00 . 2010-12-23 19:09 142424 ----a-w- c:\windows\system32\drivers\idmwfp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-31 18:58 . 2010-12-02 01:56 23104 ----a-w- c:\windows\SysWow64\svcprmpt.dll

2010-12-31 18:58 . 2010-12-02 01:56 30976 ----a-w- c:\windows\rascntrl.dll

2010-12-20 23:08 . 2010-09-21 03:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 16:13 . 2010-12-15 22:46 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax

2010-12-13 13:40 . 2010-07-09 05:56 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 13:40 . 2010-07-09 05:56 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-09 11:23 . 2010-07-23 04:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2010-12-09 11:23 . 2010-07-23 04:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2010-11-30 21:48 . 2010-07-21 23:22 16384 ----a-w- c:\windows\SysWow64\msdrve.dll

2010-11-04 06:35 . 2010-12-15 05:28 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 05:28 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 05:28 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 05:28 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 05:28 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 05:28 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 05:28 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 05:28 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 05:28 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 05:28 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 05:28 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 05:28 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 05:28 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 05:28 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 05:28 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 05:28 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 18:28 . 2010-12-12 13:39 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe

2010-10-27 05:06 . 2010-12-15 05:28 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 05:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2010-06-28 01:44 . 2010-06-28 01:44 962560 ----a-w- c:\program files (x86)\ePubMaker.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-01-18_02.47.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-09 00:38 . 2011-01-19 18:23 66520 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-01-19 18:23 57734 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-09 03:05 . 2011-01-19 18:23 19332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1719504641-4281115936-1006895277-1000_UserData.bin

+ 2009-07-14 04:46 . 2011-01-19 18:24 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-01-17 23:50 . 2011-01-17 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-01-19 19:21 . 2011-01-19 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-01-19 19:21 . 2011-01-19 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-01-17 23:50 . 2011-01-17 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-01-17 20:49 321804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-01-19 19:21 321804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-07-09 03:00 . 2011-01-12 00:49 3704552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-07-09 03:00 . 2011-01-19 01:45 3704552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 02:34 . 2011-01-18 00:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-01-19 18:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]

"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Propel Accelerator"="c:\program files (x86)\Propel Accelerator\PropelAC.exe" [2010-06-03 266375]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe" [2009-12-09 240480]

"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\Antes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= 7a23df767d732154398173335d1012ab3314bad9742c1a03616d857a0f61eac5034f06fbfebdd871

1a34569516435e1aefc6ef56b06899e88a67329d2797cb943caae2a15eaed9f016d7a7ebd3377fce5

d6f6b8dd71d505652629682177b5b44dc4ebbdc30424f0d1954f3d0fb67cd4abbdc8afc2563eb3a8b

1181deafb2b43de3600a5a6f54a65a33fd0f388e4f34ba7e5eaca4082b422bdab5beb0ac2f75ab9ef

39b20c5273cbea98838b4476b97bc06ec1c58ed471d5b128691ac565d6b474f5226848620a29ce35e

2e69655ce66d164e3f163face040d8d8b4fc42013d9038482bbe0322e32d4aeefe07b6fa27e450d3e

bee6e02fd1df963184c28dae5928e421fcf57a6f585cfb4b0ea236e953b6c230d52e99e037b8c9d8e

84b984d0134a531d3cd6d66053331bbbff39296e90c9effad0930e7b86a3036d818136aa8967cb558

c9ac3fb2d3f7e0d696f7f947a8e7020fbd866014e3c65ba3b6e27b3d938192eb210a77c22f0b97100

627e1580da689c5849789922efbb6e0271140788c82b3dc8d8c709c3080fec2fc9ffbc154a1fb94d5

90fcca9cb640c701fb2860e5eea3e0945e77137a6431d2f0c6fc3fd9e036c1a4652ea9a124260a8da

5a0530231d24db43976740c635565811feda1b33452e88ea66395bd5bd32c0fe7a9117d59e6bf8251

8ff74462e8c9e941f664a21074915a702eda6c194db325a497e4665987dc1ce0d481fb1a7f1fecb7f

3eda2dabfc1c38629653c561c3e6c1a48d4a1948d9fb87c06a9af1e9f90c7ce37a8853c1fbeea385c

e5bea4beafa72c48f1d18e6298c52e2771c7157ec8423c5566d3b44bdc8b5768e64f4baf8c04fa297

1dcca750d82b1c7cf9f727614802f8595b141c1eba3157f3e9daf97953df5f26ec75bcf415881956c

0539b70d42d0587d3a67db7bad293e429e57ff2c300aa39d84b7133414425788c5656ed59ae513804

4ae77785fa53703194ac108c10cb39c1a1c871ce9cb3566a282bdf3e9f2ce4523729e1c6e25bf7c27

35833af01e713a89013462bee7eb415dcf8becd6e50c7bfb56af30c9a922e7f0d1071c360fd40d4ed

b55577b4ff4c475ff0e67c008ec20165c336a5b175a11f51acfd5031f3b4c92f00b58dcf97c61831a

b1ca041c6299a2eacb5801d3b30d21e96475a5f83b5b59f105c0fe67d942e7456c3b2f7e0e52d9b01

b60e0bb8b4e64dcf141517b6d7a70c0e677185607a5d910e39023a8aa2780bc52b6aceeba86c9a4d6

e8f0e9eb933d7634b1d78a556c94ae99c02c161d5aff26451f0521cde6ac17fecbadec780ef011d86

05886f1dd98260ebc7eacee6417d58c571c91eb41f87c84cd62acac242b8e65fddd9f230ca2ddbfe0

1e3ea80ad8846d0d21cbb1c336bb99e739aa0ce7a013ad61a388946f3c975c40994159c97e278c36d

be12afbae2bf9b5c0c57d00a5f8322d306cfbdc71a0022f4c6a76c94a9f6d8847bd384f8f42b776de

989e2e0b8e7a53ee7c3151b0876fda6e0c2e2ddc8aa8cfd52a286c13d305654bb52575eb74fd4ccff

063f1aaa85805d09298d87db073be7c08b53eff05fe93a2d8fe9cdf6eaf39efeab6952dd59c64b04e

b31e2f63051f1b56e64957b498b32abe768b70752d7eb23231e69471a4befce7f6cd57c970996b3c5

43de3b45b6e5421da4fca2514f656357a66881ca24a3ef62f6a2db245cb034d651ec6ab66e9f756b0

ccc183ca90967808c8e8756ac8cb596cfeebf8907ef477cd2e1b4a8363860d07e6801a030277e3688

1902e024ab4f28013f560ea68a04949f3b5e802dded05d3cffc2c395926dd85592ed179ee997508c9

08cf06bf78e8327a7137703269a98238e1b3807d3b27d56d14276b12b2d0a361f088bb9bcfd8e5150

6dfb1720d9602a5d028bf7534f57b7e270c638324150e1a3f17bf00363ac0704d43de7edbfcf7b8ff

de2187b31a2037263c704341deb1259fe91831ea7f28fac2a25016fd09f8e1d0e5465f4b41f074268

64592b53f4f8a71a31ccca1072e048a9a9713832424418c04f3d1267e32e7dacbbeda73c24a9d2de1

87e7ca6ab8846e46ba5b3c97c719a758f3692fafa43bebc26b0e72f4042cee23190c0bdd1646a8657

64efaa14f2383b62508b35d7086005be8b704cc7180ee0fddfba13f967f439552d4e64648dc57220e

6bc514a64fabb625c93af84396c12d3294e9509867a8b024d47f77ed30cea22b3400cc10be078dae8

11cd62fe0781c39d257924e066d7eb27fb1480c8354e5402a6e32332833e754a4df16b7eb1d104b84

0ac8dee6ff281fbcc91caf3add29a10f560fef643acb63c6a8f4429223143bbfc2bfaee9ce8313a22

51435ee9a9755c74b586c5a5218736301fed235051e5d3b8e9e7accd0e8eb11282d2a749e48388426

7efa315c0ab5b6c854415e171d793095d2f7db16b2e4167856e1d3c06277ac9b6547c70fc11d7e44f

48e4ecee8cf464d145e484df0ef164615bcec0b75ff4f9492d3a5dc11da5a5a8777181cb2d38b1ecf

d7343ad8f7747b18f92e25c5ff19edb09c1046577956dc0e608150698a371a9c901c3b5e530eb55f8

5b809966a61f76dc5a030e8642d6328354c7269694dda41e36bf8b234803845883fdd0fe344620d3a

b3e5fe356ec8908359fc0b28ed59de4e25bc47f1fb6bbc317c2fc13319948f85fb63f69505a2e4ae6

2f2832ea2c5871ffb89552d412379d9ef02960c666f240efde0acb2ada566cfe7d4e262e1162b6545

b952722cedfa1eeffd0816e5977afc012822cad5da6eb2ee242e22f6b3f6094e03aa17a75e5a0bf22

aa2cc453923e71e1668a7a421354e1fc539d85bc608afe3974ee2cdf31ebdd17efc652ea1d80950c3

5fd0c1aef654f20b5cb375e580d374c01fbf0db6abbfffe4e6b1a691d095b98f590db14ce6483f2f4

f01f9cbb8eb4d36ea714f5881bbdaf7c27e3acc8bdf4391e09671ff046d8995fa20c66fef1d61dd9a

33bc1b6f3d4959a6274318f640bd6a559caff37be88386fa565330c62ad196388fe1ea414ae585fe7

67d1477a14db35cd01eda370a03d092be643af4f77da507b053a54495170a1d49e04b37766d8efd64

d53342353bfb49a4df0024e96276b2802358a2d13e417ff709200a7921fbb91c10adad83fd6e0c4c3

b35391285adf12736739e9d6c3d063ea435bdf5f65b1e66d116cbc18cc4a35b22ed3caa1963cec621

c8c98cec7fd2c9d00a579284755197325c2036a62e25c6b779990054695a2000976c09d89331b1e90

b9d2f689a0d5fcaae553d6576967fdf7874dcd45a22ddb52164189c96f39d877d9df7d0bd8f7361a3

a695e6649a2bf5f4537a8ea11cb40622c331adce3d90ab0c55e3634588470cb0a4ac31f6a588e4baa

989e4a7bfa39793731969c5e4cd959cf3b804a8f864351c63e3f2c0a345449e06accdb80c73d2dd90

fb036d511026ede238be1a1cbfe8212bf90c1b0105d600aa2078282dfa00551acca9111cb9c1cf1e4

64c822f4907baab77485ab98643a382f27986708aa29a8a6f22b55c754ef8aeae87f360f3b8372be4

466124a9ab47a57e3c7b39a90a2bee0c71d2952a142dff796f8447a35debd822e197a1d4f1893ce8a

bddb8ec0f9d1f10815e6b5f3ebdf9b13567a75bee754810fda0af52e489fdbd19d1e1f034d80e724c

3cf22329a8c6446104ef162b8ad17696e5ec26f909f4a336bd6a38feaf475483fb92098971712e299

acbddfee0fb0ee45bfbeab9b5a5dc2b9104c05fe5679bd5edf213eabc839bf13120d68ea5627abaab

472d8390d9fec6a72c8aac5dc53ee8b1d1a3df516c8d5a0bd2b86b3dff4d8f9a135c172d1112e704e

7a91a6c9eccd82cd5b52bcfd69892f9ddd72e955518b7e312af5a1ebced2f56d10f12092efad212d8

112e44c2a4214be111731d2d50ae2627b54ec8c10ac5223d01d2e41a64ebc75b177a2dd69bfbcf725

b0bfb4e0e81cce3c11275cc71378a37e8791308f6fc22363254acedc92bf7fdca0b09906f288eac8d

2b538996b0a1d7f386215d5bc87c8d64b7452e02e0a1354eacb3209cd5b17dd0da748490d1cd138dc

16e91afe9cd234704a013ae68e7f1f57178f2cbb8b9150137926b7ab8e959d9c0b6e6594766ce5da9

0a0048c88cc882b6e0de1295aeabeeae32e98a9fb291ef4c7fe381e1fb41e92912f7768a95fc2366f

b7f62932e1655484b0e647865633e466d7906e25bdaee39e0dce8cc47b29d22bda9053c9d65035fee

558bad37b9edd157f7dbe7d30f9e47f0814ed986544c90365bf24d0a93245365ab7362a6a0125301d

da0a72c7d08a0fd72b1bb514226a72274ef9c75a5e0dff9f0dc7bed45191dd45d5bb7573aa663a133

9a2fe0b5a7dd3c6786f596162c17037d5ce549f98d1a9c301561bb0baef42a9c528c8c1bebdcda861

0a8ac64bc2358605e425f53eeb378b584570482707e403f5dfd6ffc94a20c0e807d51d9dcb26fb953

63682e74f0601dc538b03683f5a14f1a94613ef018c94b5184e828ede43090c70acb39d528ad15ff8

0e1c368c519c1beb45c9b7f0ebf030f6c7d9439891a793bb2eff40cfde6dbc51b7039dda95524328c

2c43e7f1ed0fed88c5a2261521fc8d020a4b0f84e6c9d9a666eff7de2c6d0c137abbc7012a18456e1

f0a4139554336ea6f60cec589b2ba13d1c5947fc160c8d50e289b154c84bd351fd6fa87fe898b2135

60c5c4574d3dd7be0a75a5f6aa8bf351751ed6b6cab1b72e9c176cdd3530b6836cfe72a2b7c7dcd57

f947eeb4e6b06094e132c6e3b4bc61accc5626deed07145125f7bdc404ffd142a8f86b1b6337a9b7c

e789ee93f4af5c54e7a90b292cf6ebfacf7d23b87c2a27fdd8e0d0ffe0270e2cd007bfd0bd48f46d8

b26b98765f0813512ec1b63c2eb72ffea274f10db1cfb288995f0f29ccbc538e515b300013069db54

7b00c5dacabdaf8111be9ea18ab8b513b7fa3960c690642c15f2814ef2df4509667fb595ea2d18220

e3b422a8586fe6ba467e6c5243730d30a598e8f9943ad68a4739d6d2da79657632e11dc0442042ef1

e9eead227b26195a715cbda8a970b0b6010e4efa99a5e7c50fd6ced756bcb136f6e2df0121e97822d

9708dd57aa5b7cecd36ed9526b84d43b811fe8d0c2a1d3fbb69d90ef9befde7dcb13962a85dd8e85f

06abcb85d569f5ccd2fda92b32a224ffb155bf74a8dfe2e8871beea9c966bcd76bd16b353c276863c

158a5ad06e80b644bdd6cf2fa860bf3c6c99c845223fbbfd85b4c4f2bb16d262d7ba4051a2d6b5d89

b7d49c03cd1e94f7f74fc62a13f46bc26370d9e1dbc7b98a504449eb0c8885e073dfbd18e464311ca

e8a16aa0fed4efb3602e3bdf011b39cfaedcdd6a82adc3f091e5358b2728962854de0184a8e42d8a3

b8194dcf09bd4b0fb2b55dda1ee2c353f5d3f168ee0aa3c253f62d9405918e8bf1861be72a413e293

d7f2dd1e94f18cd61b8e61994bd547f646f10d91f0c55f75f5dbe9ac0d9ebf0d7fcafd56e320aa7b2

d5ee33de76e35fdbede4ad34090c8dbe4b376cf4bf1a0dbc5eabdac17e250ca7cb60c29e9153bfffa

95ec61c7b9221cbf94864e4fb3067ef26f217c49b79e446e107f2585d9312395d4059996e2e322cc0

e3dba53cd4321fa845680544bbe4f0df19f767b4029b37582103b68433ca4a759c1029f032211519c

0d7013f65ca9395028004731a567b443a7f58f64659368fb7df96e8839d9d57f11597b5771c7cadeb

b88e0cf9052eda64c9bddb3cf52386e83cc460a9a01764d98f8009e1280caab60b521887e89522847

77ec6d7d09dfdaa87224d1b0cef2fcabab35ecf4c73c007d1bb2896619cf2bce33cf86e99ca416525

2e858a35c152f4350f88580196335def72329aec731bfe2852c72a31f0f07b6142cff230bccd1d6bd

9129156b8f5d312a505bb17e1ce0ac2b77ec7748ea72809507537a0ea78dbbc176b0e2dcb292bc0a2

f4469009f45ba5210f5de8cb64c3e7eebcba5d774b3a4f2f5067635fc086b9e269bc5985ad8c6b1ff

5830ef12fafdb676e04feb8cbbaa5a04496155f31b4e9e259cc687b44fcc58d95885f1033eecb126e

fc7965605daa594475a8ce873a486af3a2f7f99378dc0788917dd2e860b83f6361f1bec5cd8ab4c4e

094a200396d61c6e7ee9c60a1908d9b69d1eecc4e7294f4d793436c7bf8519d996175a6d0e4a29076

fdaa4567b0e4309f33274e45d4682c11303f8bbbe3fd0d2ddf6ab824e636a742516eb63433c387e2a

20ff0e0ff2435831c750c56ae2f4400432ece0cd1b9dc76e79044af8e3f051c02c6f016d3086994fc

d259af22f592bf451c4bbdd13c04ae88aa20ea09ef89d8674206897259e780d141b5d8380ae685b55

5b1a5d48d9dba02299efae5c03a7e3ed03d41660c4817b29bbe2c839e88797d059d50c93efb7b7de6

491bc5b8d7531a0d4dd9ac7452b0aad36b59ab147641fa80d52df111c8946f5650dda11c31d7137d0

b7a2f2fd5a7969e20f6f86d2aa9957b34e1fb40c2ff022609cb4f7bb3c02bf8a98d4dfafd93878d5d

3488ed101435b6a6a557d3c8b6a1d05761706b46b71908fa98818d58431ada2b8090c12fdb6cfa9dc

70e1f3c0c035675088b891fc448471d68f561ea4e942ae33b7a55aee8b5cdeaea6331fd4bba010dc9

5f6b2d6963d442ab9b6760036895d66ede7faaefa4b69cf8b005b09eee3c6c8ee6adbcb60e53985f9

0460c4639a68908fa0f3564c7d6045198441f937bf105703eb1db883c3cb493f82fcb1ed52a3caf5c

0eb78990aa9a808003cce36d7d7e4847b815fe42660633d323633112b2ceb5d29cf71c15d58a9e0e9

30e80af5b3ac18ff348a987242672b7b2aeb2a18bd33907154c6146c10cb95d57c6779bbb9dccedc3

60d841c8ff341d9c1660d463fdf0a5542825fdb605c76ee60e967924dd9b495c91336b8a4fb570fad

f082abc819d8754162255d60c112b53ebe9bd7d632c40e5f4f88b4f9d9e01397e7d231a1dcf405b91

8fbfee495c907b0bdeffed27f70680ea1c76357582cdb3816140172a3f7f9e66f55d3b626fbbda886

8277cb6d1a075c3785adea466619b9e2bcdc6444aa1dc7abed798d1c3cdf9c644082ed09cbb808c1c

89150b5ce1734e3f4d4a9c1e895d7233b6e125efffe0dae94f44ad5bfd2d505fcf1320016c6947ef4

634fcfb64190c1003c4cc496df764c2ae27577a371f1d5f07caf3d1346fba1528a72b8d7d735b16ae

5ec21962a0b4107a95356370b9c7049f0d35735873fc3265c08cb2072f9a0e692857b1be208d4a7b9

50d55cb25c0eda00636ab0011862c3f5152d70f4b016c7fdae0f419ce76099f404e0da3090b817695

2695dcadb11e6f25be98f99b9138c77e2935b61609af6b62f0b4df9cd38f3bf91ec18cc3dafb779d6

451058b478591bd517b1b2e9763f55b4e5d9160091640ba463f583fe517c3d203048dc79c9ce95b23

0a62bd751d61db7cc531d8d03c5c5e0708b86a73cffe1b10efbd944219ba8049a45b11718e7b6878c

804be84be28a3ac561b6091029c009f21b64f001e46af9d9bcfe2bbcf4fb87ecce6986589243c37bd

e7ef4823e481eadfc8d09f73ac0f2f93dd8810c0c99faae3a14b7260071d66b8eec2f43a31e89a85c

7e0d6fcd4927fa2cc6dc9b5089497694778bc79bbcf32dd21a07a29b81cab0ace13ee2b13c267939f

f1061cf929364672ed69cfdef512e782ad835d400d5fd8033d472053946d8e98f7ebcd350002aeff1

06fb2094c01443256465d13547c6d7eefb4ba4b3680d7d041f2e92a2ea1731f4a8043aaa58c3d3a07

3b85c057f25a5bce1a85f02f305d1525626cc858960e13ebbf8d185dee645b2fdd9c08dc6cf7bd1b3

8cf58d3cffb63c9add7053c45564a294e8e0cf6e7b060323abcee315604ec29ba53a15a7b7a727a65

b140ea775aaddc0d7c31bad57aa74bb24a1afe45a29e03cd37ddf8b4060f83c307918e47612bbf888

2fa99d8a995a0041115a0a44e491935dbfc8d332c5691925df86bf78531d5db5999b3d4d699e0f7f1

9ffde7b261043c81022d9e36c4bf029346586f6615a720fbc9fe33df6f1ff093be59a12d2492d5843

6f94d9e55d8de70f21be203863faa15d41c077a35604563e1c328e9175713a978424bb81c1b765a14

d98778682835169cf03e1c7c3365f5067d03a00d162528ce0f6dc67ffc051d1a560fb7228e67feaf9

0f7209f15e1b8a386e7bfe67868a06e96ec4c5a781e495e404f0f965b675d3d6a814d8694f3d40c0d

83bc20dbb71bf7893e3bec02df71826df7df487e71bee76c843f13476bf24eaae4e186e3b999de6ff

0e413894eb13c23299ad4bd43c713a9688120662d656eecb771bea394898e14786e61c69e4bffbd2d

b85e7954286870a1e7e3773bb5db6dfadfc4b1e4fefea1a18a4db538840832bcc4d0fae1154b5c5ea

ae3dadf297c1a8b284b1f3c5b619f7391027c33926e7bae9965289929b875cffdf58522791082e0bb

8534fe2c7afe27471d256c4fcbe7410f15f56615e3e83b5115ad60d59d2bcafb43f3b1bef4734428f

6fe5f37031b196ac4f241cbe663236e8c6bfc5d181649273c2714034612e7e53b4678186a727b2e20

fc3a4fa3b1a484bb2cc1c64d8c7894111e9fba4f93b270088e560ea4e475ccd5a463bdf5ae4c55403

14f4d1b4ccb223565be33186fda62ff6add815103ada50dd9d95b7268abbc0d9454ff4adb767a009c

131ce22fcd0347364b2d8ea14a829a133bcd813a55482f6920835b50db13120f4c2eb6217dc58349c

9c6751a1b7cf2a244a0cda206ba45cf904affc1ae1960bdd071bd7ab489ada64148e320192565178b

2ef39f6dff6a95cd5e2c4b11e7020c98d38c814273c82ce85c254757a5f4680f655684e2a1e175ded

497dbc5f8557c3ccfcfb01d3e29976c74dc1025547251e6721a1ca490b78c60ae2e00526ae49c25f6

1fbbb86f65f663bf15dddc2da717d9393feea5283e45301f454f875bae3e90616de108bd9de7185cd

9cb19b5006d54742924dce22d231757348caf2657c5421b14d02f8c58543bd21cfb04476012db6a23

c85d1266cfc998a4f6660656d3c8c16fbef9ab5007c6349b6419e3c330fa70c48807e42aa8b13a84f

55c1b71b4a184fbc6ddfaad2ec599354f8c8d32fd330ed302b5d0b23f8a627373dbef5ceb7cf8032b

c6edac085fdae02c27cc9253da2d9adba2d756721765e9fdf48059489f24d29c29b91dd60d6e9fdca

76a918a4a42bb4af2ecf3fea223f48fd9cf8efd8dc069b989e9c0eebaaa092ee328e7196ae00ad6ad

6d8717cc7d3539b6161d6c9eeb533ef041859d0ac82323cc36b2886a1dfe837f9d1650400b120fed2

40a70911a45c8fcfb77876aea5504f45b6d6d0c6c6686284dec1b3c1dde330da17e174978ad10ae2c

12375c3f730748f8016835b65c4a5b74e516199a6920b98f9eb445ba165c450a10157a1d14c26643c

343811c61a393a11287976a2e5379e40c307203d9d88134139fc27f78221ef3640b8fdd93093a473e

ff0023f1a053e56b4dc0f25c8617e1d4fb9ecac53d6566d5549d89bed5770ccb04e05dc5619a8271c

1319fb68198d4cace3aeaa8cd394e471438fd340438d24ac1bec89359e4afb78425346a7c6d7c8371

82076d875821faad233f5ae7b5d497afa7296323ac0c1b3ec459f112ac4b8445a184b1e56c99180c9

dd46cedcf166a013ec8834bb71a2813fe3902b21db08e4dc3c7535647690c25cf234cf88b06e03852

ed46cb88d19c484efdef3c023cad46884dc3c921e0039a413e197c53dffa99115014511d44c11ead7

d4fdd448a432114efbf7699096417ec2f58ca66bcdcade2c8fb5c8ae8f64f0d9651c5347936922f86

96ec347267a191c60db0564a6f72dbe6398fc770588e9b95f5efdff4c978fcc96e9529d16d3931c1c

e579bb9610af1baf5a54e95580e185f28e4101e6bbe4e134490f1f7bad767229f00cd0eb551a32673

c8e972e46964becba6e69e228769f974c8831ca348841aaa53d4d49bc5ff94fd1f10feba0dad0c410

ab8d3dddda78515c65fd9170f334850903b3399a8ca6f8cde0225875d6b776c4284583be1a1080ed5

d164557329fc8add2179cc50e19b84a33cc7ab23072eb71fb3e456d3066b3b1fbfb7a576539f491fe

da107fb28adec02f90957e8cf62aab80ea218ad264a3721009d2ce844f596964e347e949471d98e2c

0256bea6f063c57be965bd5fdef45724dc5b39bbef6d747b463e2728fbeffc9cd8b2549b4e42f2860

3e44bf5e4571b53f91fc0d91ccf5630f160d7215a8abda57b83d20d19dccf70134d4be55825249df9

b1ee450c27b9524d1eda21adb4a53e71114f92be2062fa466caed60a2fdb98abb33d441bfe8b3f6ee

adaa79697004bde75c53dba9fb055ab09e38ae2dfecffe3923c62bc685c20dd672edffeaaf009fbe6

2a1cf332ff0ff8da25dafdecdbc2fc2329baa4de2d3d36242e75d3d86e06781d4eba7dcb1c8f0a7a3

3a036b9eb1a7a5bf27fcc63c480c7e9bd5a33a234a60eb91bf0d0a0b0c2cd95a30d2eb53f4b9e696c

b90887cfd95e84a0466ffab3614665da5a27a612a44cd1d1a4b7336e7dc197cb1e600f7f3499728b6

3c4f9204ecab79a06696eaf4b7fafb4b528e5440b2efef7640f31b8a763ac7464506fd18b44cadc2c

a0aac52afdcfc550eca4e48bdfd65c54fa012fd29cba54c64e63248cdd61f892b997eaf2d729aa7a0

47d02be547a188a3cf04a4b98f013f77e97b790d994e95439b99fc6b495d8594c448f30196cbbfd99

67218200b7529e614bf8a9abf47fe597398049af67c4d1c9a4fd9af83f30cf35bbb046248872a911b

3007b2ca26595e21576791b45391f718ae2b6653a68cab90066189174a47ff7d049aca187f872bb6a

169ea8f16e7529b77aae72059f7726fe0413295779ef5fb745ae9e99099b0489b3eb2ac6d0cb79220

0bb5e57c2ee6c7b33200

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 135664]

R3 CFcatchme;CFcatchme;c:\users\Antes\AppData\Local\Temp\CFcatchme.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2008-07-07 25600]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 213120]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-09-03 37456]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 142424]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]

S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [2009-06-17 17992]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]

S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2010-08-06 26176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-13 19:11]

2011-01-19 c:\windows\Tasks\AWC Startup.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-14 21:19]

2011-01-19 c:\windows\Tasks\Free File Viewer Update Checker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-12-06 16:25]

2011-01-19 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-05 15:47]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-19 c:\windows\Tasks\HPCeeScheduleForAntes.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

2011-01-19 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-10 12:53]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-12-23 19:09 83696 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.my.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyServer = http=localhost:8080

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Refresh Pa≥ with Full Quality - c:\program files (x86)\Propel Accelerator\pac-page.html

IE: Refresh Pi&cture with Full Quality - c:\program files (x86)\Propel Accelerator\pac-image.html

IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html

LSP: c:\program files (x86)\Propel Accelerator\prplsf.dll

Trusted Zone: nbc.com\www

FF - ProfilePath - c:\users\Antes\AppData\Roaming\Mozilla\Firefox\Profiles\4v4j0vpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FinalVideoDownloader plugin for Mozilla Firefox: downloader@finalvideotools.com - c:\program files (x86)\FinalVideoDownloader\Firefox

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Antes\AppData\Roaming\IDM\idmmzcc3

FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Shop to Win: {46d606b0-a645-11df-981c-0800200c9a66} - %profile%\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a1,23,98,13,80,02,5e,65,69,62,2f,ab,e5,a1,da,fd,ed,5f,e5,98,02,

44,e8,36,f0,d1,c6,4a,2c,86,05,a9,db,6b,c6,ad,61,33,83,88,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{cf0c4bbe-795b-49d3-9c15-a8bb9cccedcc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000136

"Therad"=dword:0000001b

"MData"=hex(0):00,3c,62,a2,9b,57,4e,6e,1c,89,3c,8e,cf,82,1a,ba,1a,10,80,d7,56,

1b,7d,e6,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Completion time: 2011-01-19 14:25:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-19 19:25

ComboFix2.txt 2011-01-18 03:35

ComboFix3.txt 2011-01-18 02:48

Pre-Run: 314,907,430,912 bytes free

Post-Run: 314,833,707,008 bytes free

- - End Of File - - 6ACD4D3F9E73392C6CD60D3A02F8B79C

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

On the desktop, doubleclick fix.reg and allow it to run. Let it merge

Reboot and run a new combofix scan

Link to post
Share on other sites
ChristyA

ChristyA

Posted
  • Author
Posted

ComboFix 11-01-17.03 - Antes 01/19/2011 14:55:35.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2635 [GMT -5:00]

Running from: c:\users\Antes\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))

.

2011-01-19 20:01 . 2011-01-19 20:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-01-19 20:01 . 2011-01-19 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-17 05:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-17 05:40 . 2011-01-17 06:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-15 19:49 . 2011-01-15 19:49 -------- d-----w- c:\programdata\KingsIsle Entertainment

2011-01-13 12:46 . 2011-01-13 12:46 -------- d-----w- c:\programdata\ProcessLasso

2011-01-12 15:30 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 15:30 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-12 15:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-12 15:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-12 15:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-12 15:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-12 15:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-01-10 22:43 . 2011-01-10 22:43 -------- d-----w- c:\program files (x86)\WinUtilities

2011-01-10 22:43 . 2010-07-26 03:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2011-01-10 22:43 . 2010-07-26 03:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2011-01-10 22:43 . 2010-07-26 03:23 33968 ----a-w- c:\windows\SysWow64\anim.dll

2011-01-08 07:11 . 2011-01-08 07:11 -------- d-----w- c:\program files (x86)\Text2PDF v1.5

2011-01-08 05:17 . 2011-01-15 09:45 -------- d-----w- c:\users\Antes\Calibre Library

2011-01-08 05:16 . 2011-01-15 03:00 -------- d-----w- c:\program files (x86)\Calibre2

2011-01-06 03:14 . 2011-01-06 03:14 -------- d-----w- c:\programdata\Trend Micro

2011-01-06 02:47 . 2011-01-06 02:47 -------- d-----w- c:\users\Antes\AppData\Roaming\Avira

2011-01-05 10:26 . 2011-01-05 10:26 -------- d-----w- c:\programdata\kinoma

2011-01-05 03:11 . 2011-01-05 03:11 -------- d-----w- c:\program files\Perfect Uninstaller

2011-01-05 02:17 . 2011-01-05 02:18 -------- d-----w- c:\program files (x86)\Glary Utilities

2011-01-05 00:31 . 2011-01-05 00:31 -------- d-----w- c:\program files (x86)\Virtual Villagers 5 - New Believers

2011-01-04 23:45 . 2011-01-04 23:45 -------- d-----w- c:\program files (x86)\Ace File Shredder

2011-01-04 23:36 . 2011-01-05 03:45 -------- d-----w- c:\program files (x86)\Uninstall Plus v4.1

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\WinPcap

2011-01-04 23:06 . 2011-01-04 23:06 -------- d-----w- c:\program files (x86)\Trend Micro

2011-01-04 23:04 . 2011-01-04 23:04 388096 ----a-r- c:\users\Antes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- C:\Trend Micro

2011-01-04 20:53 . 2011-01-05 02:23 -------- d-----w- c:\users\Antes\AppData\Roaming\GlarySoft

2011-01-04 20:53 . 2011-01-04 20:54 -------- d-----w- c:\program files (x86)\Absolute Uninstaller

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\users\Antes\AppData\Roaming\URSoft

2011-01-04 20:51 . 2011-01-04 20:51 -------- d-----w- c:\program files (x86)\Your Uninstaller! 2010

2011-01-04 04:00 . 2011-01-04 04:00 -------- d-----w- c:\users\Antes\AppData\Roaming\NwDocx

2011-01-04 04:00 . 2011-01-04 04:03 -------- d-----w- c:\users\Antes\AppData\Roaming\Docx2Rtf

2011-01-01 15:57 . 2011-01-01 15:57 -------- d-----w- c:\users\Antes\AppData\Roaming\Sleepwalker Games

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\StoneLoops!

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\Saqqarah

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\MagicMatch

2011-01-01 15:56 . 2011-01-01 15:56 -------- d-----w- c:\users\Antes\AppData\Roaming\JodieDrake

2010-12-28 18:40 . 2011-01-18 18:10 -------- d-----w- c:\users\Antes\AppData\Roaming\HP Support Assistant

2010-12-27 14:55 . 2010-12-27 15:06 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\programdata\3DVIA

2010-12-26 20:52 . 2010-12-26 20:52 -------- d-----w- c:\program files (x86)\Virtools

2010-12-23 21:40 . 2005-09-01 20:13 245408 ----a-w- c:\windows\SysWow64\unicows.dll

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\programdata\Recordzilla

2010-12-23 21:40 . 2011-01-05 02:55 -------- d-----w- c:\program files (x86)\Recordzilla

2010-12-23 21:40 . 2004-03-18 23:11 751616 ----a-w- c:\windows\SysWow64\VBOLock.ocx

2010-12-23 21:40 . 2003-12-22 13:20 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2010-12-23 21:40 . 2003-12-22 13:20 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2010-12-23 19:00 . 2010-12-23 19:09 142424 ----a-w- c:\windows\system32\drivers\idmwfp.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-31 18:58 . 2010-12-02 01:56 23104 ----a-w- c:\windows\SysWow64\svcprmpt.dll

2010-12-31 18:58 . 2010-12-02 01:56 30976 ----a-w- c:\windows\rascntrl.dll

2010-12-20 23:08 . 2010-09-21 03:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 16:13 . 2010-12-15 22:46 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax

2010-12-13 13:40 . 2010-07-09 05:56 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-13 13:40 . 2010-07-09 05:56 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-09 11:23 . 2010-07-23 04:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2010-12-09 11:23 . 2010-07-23 04:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2010-12-09 11:23 . 2010-07-23 04:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2010-11-30 21:48 . 2010-07-21 23:22 16384 ----a-w- c:\windows\SysWow64\msdrve.dll

2010-11-04 06:35 . 2010-12-15 05:28 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 05:28 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 05:28 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 05:28 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 05:28 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 05:28 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 05:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 05:28 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 05:28 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 05:28 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 05:28 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 05:28 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 05:28 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 05:28 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 05:28 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 05:28 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 05:28 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-10-27 18:28 . 2010-12-12 13:39 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe

2010-10-27 05:06 . 2010-12-15 05:28 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-15 05:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2010-06-28 01:44 . 2010-06-28 01:44 962560 ----a-w- c:\program files (x86)\ePubMaker.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-01-18_02.47.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-09 00:38 . 2011-01-19 19:55 66666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-01-19 19:55 57962 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-09 03:05 . 2011-01-19 19:55 19588 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1719504641-4281115936-1006895277-1000_UserData.bin

+ 2009-07-14 04:46 . 2011-01-19 18:24 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-07-13 20:38 . 2011-01-19 19:52 3924 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-01-19 19:53 . 2011-01-19 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-01-17 23:50 . 2011-01-17 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-01-19 19:53 . 2011-01-19 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-01-17 23:50 . 2011-01-17 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-01-17 20:49 321804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-01-19 19:52 321804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-07-09 03:00 . 2011-01-12 00:49 3704552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-07-09 03:00 . 2011-01-19 01:45 3704552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 02:34 . 2011-01-18 00:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-01-19 19:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]

"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Propel Accelerator"="c:\program files (x86)\Propel Accelerator\PropelAC.exe" [2010-06-03 266375]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe" [2009-12-09 240480]

"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\Antes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= 7a23df767d732154398173335d1012ab3314bad9742c1a03616d857a0f61eac5034f06fbfebdd871

1a34569516435e1aefc6ef56b06899e88a67329d2797cb943caae2a15eaed9f016d7a7ebd3377fce5

d6f6b8dd71d505652629682177b5b44dc4ebbdc30424f0d1954f3d0fb67cd4abbdc8afc2563eb3a8b

1181deafb2b43de3600a5a6f54a65a33fd0f388e4f34ba7e5eaca4082b422bdab5beb0ac2f75ab9ef

39b20c5273cbea98838b4476b97bc06ec1c58ed471d5b128691ac565d6b474f5226848620a29ce35e

2e69655ce66d164e3f163face040d8d8b4fc42013d9038482bbe0322e32d4aeefe07b6fa27e450d3e

bee6e02fd1df963184c28dae5928e421fcf57a6f585cfb4b0ea236e953b6c230d52e99e037b8c9d8e

84b984d0134a531d3cd6d66053331bbbff39296e90c9effad0930e7b86a3036d818136aa8967cb558

c9ac3fb2d3f7e0d696f7f947a8e7020fbd866014e3c65ba3b6e27b3d938192eb210a77c22f0b97100

627e1580da689c5849789922efbb6e0271140788c82b3dc8d8c709c3080fec2fc9ffbc154a1fb94d5

90fcca9cb640c701fb2860e5eea3e0945e77137a6431d2f0c6fc3fd9e036c1a4652ea9a124260a8da

5a0530231d24db43976740c635565811feda1b33452e88ea66395bd5bd32c0fe7a9117d59e6bf8251

8ff74462e8c9e941f664a21074915a702eda6c194db325a497e4665987dc1ce0d481fb1a7f1fecb7f

3eda2dabfc1c38629653c561c3e6c1a48d4a1948d9fb87c06a9af1e9f90c7ce37a8853c1fbeea385c

e5bea4beafa72c48f1d18e6298c52e2771c7157ec8423c5566d3b44bdc8b5768e64f4baf8c04fa297

1dcca750d82b1c7cf9f727614802f8595b141c1eba3157f3e9daf97953df5f26ec75bcf415881956c

0539b70d42d0587d3a67db7bad293e429e57ff2c300aa39d84b7133414425788c5656ed59ae513804

4ae77785fa53703194ac108c10cb39c1a1c871ce9cb3566a282bdf3e9f2ce4523729e1c6e25bf7c27

35833af01e713a89013462bee7eb415dcf8becd6e50c7bfb56af30c9a922e7f0d1071c360fd40d4ed

b55577b4ff4c475ff0e67c008ec20165c336a5b175a11f51acfd5031f3b4c92f00b58dcf97c61831a

b1ca041c6299a2eacb5801d3b30d21e96475a5f83b5b59f105c0fe67d942e7456c3b2f7e0e52d9b01

b60e0bb8b4e64dcf141517b6d7a70c0e677185607a5d910e39023a8aa2780bc52b6aceeba86c9a4d6

e8f0e9eb933d7634b1d78a556c94ae99c02c161d5aff26451f0521cde6ac17fecbadec780ef011d86

05886f1dd98260ebc7eacee6417d58c571c91eb41f87c84cd62acac242b8e65fddd9f230ca2ddbfe0

1e3ea80ad8846d0d21cbb1c336bb99e739aa0ce7a013ad61a388946f3c975c40994159c97e278c36d

be12afbae2bf9b5c0c57d00a5f8322d306cfbdc71a0022f4c6a76c94a9f6d8847bd384f8f42b776de

989e2e0b8e7a53ee7c3151b0876fda6e0c2e2ddc8aa8cfd52a286c13d305654bb52575eb74fd4ccff

063f1aaa85805d09298d87db073be7c08b53eff05fe93a2d8fe9cdf6eaf39efeab6952dd59c64b04e

b31e2f63051f1b56e64957b498b32abe768b70752d7eb23231e69471a4befce7f6cd57c970996b3c5

43de3b45b6e5421da4fca2514f656357a66881ca24a3ef62f6a2db245cb034d651ec6ab66e9f756b0

ccc183ca90967808c8e8756ac8cb596cfeebf8907ef477cd2e1b4a8363860d07e6801a030277e3688

1902e024ab4f28013f560ea68a04949f3b5e802dded05d3cffc2c395926dd85592ed179ee997508c9

08cf06bf78e8327a7137703269a98238e1b3807d3b27d56d14276b12b2d0a361f088bb9bcfd8e5150

6dfb1720d9602a5d028bf7534f57b7e270c638324150e1a3f17bf00363ac0704d43de7edbfcf7b8ff

de2187b31a2037263c704341deb1259fe91831ea7f28fac2a25016fd09f8e1d0e5465f4b41f074268

64592b53f4f8a71a31ccca1072e048a9a9713832424418c04f3d1267e32e7dacbbeda73c24a9d2de1

87e7ca6ab8846e46ba5b3c97c719a758f3692fafa43bebc26b0e72f4042cee23190c0bdd1646a8657

64efaa14f2383b62508b35d7086005be8b704cc7180ee0fddfba13f967f439552d4e64648dc57220e

6bc514a64fabb625c93af84396c12d3294e9509867a8b024d47f77ed30cea22b3400cc10be078dae8

11cd62fe0781c39d257924e066d7eb27fb1480c8354e5402a6e32332833e754a4df16b7eb1d104b84

0ac8dee6ff281fbcc91caf3add29a10f560fef643acb63c6a8f4429223143bbfc2bfaee9ce8313a22

51435ee9a9755c74b586c5a5218736301fed235051e5d3b8e9e7accd0e8eb11282d2a749e48388426

7efa315c0ab5b6c854415e171d793095d2f7db16b2e4167856e1d3c06277ac9b6547c70fc11d7e44f

48e4ecee8cf464d145e484df0ef164615bcec0b75ff4f9492d3a5dc11da5a5a8777181cb2d38b1ecf

d7343ad8f7747b18f92e25c5ff19edb09c1046577956dc0e608150698a371a9c901c3b5e530eb55f8

5b809966a61f76dc5a030e8642d6328354c7269694dda41e36bf8b234803845883fdd0fe344620d3a

b3e5fe356ec8908359fc0b28ed59de4e25bc47f1fb6bbc317c2fc13319948f85fb63f69505a2e4ae6

2f2832ea2c5871ffb89552d412379d9ef02960c666f240efde0acb2ada566cfe7d4e262e1162b6545

b952722cedfa1eeffd0816e5977afc012822cad5da6eb2ee242e22f6b3f6094e03aa17a75e5a0bf22

aa2cc453923e71e1668a7a421354e1fc539d85bc608afe3974ee2cdf31ebdd17efc652ea1d80950c3

5fd0c1aef654f20b5cb375e580d374c01fbf0db6abbfffe4e6b1a691d095b98f590db14ce6483f2f4

f01f9cbb8eb4d36ea714f5881bbdaf7c27e3acc8bdf4391e09671ff046d8995fa20c66fef1d61dd9a

33bc1b6f3d4959a6274318f640bd6a559caff37be88386fa565330c62ad196388fe1ea414ae585fe7

67d1477a14db35cd01eda370a03d092be643af4f77da507b053a54495170a1d49e04b37766d8efd64

d53342353bfb49a4df0024e96276b2802358a2d13e417ff709200a7921fbb91c10adad83fd6e0c4c3

b35391285adf12736739e9d6c3d063ea435bdf5f65b1e66d116cbc18cc4a35b22ed3caa1963cec621

c8c98cec7fd2c9d00a579284755197325c2036a62e25c6b779990054695a2000976c09d89331b1e90

b9d2f689a0d5fcaae553d6576967fdf7874dcd45a22ddb52164189c96f39d877d9df7d0bd8f7361a3

a695e6649a2bf5f4537a8ea11cb40622c331adce3d90ab0c55e3634588470cb0a4ac31f6a588e4baa

989e4a7bfa39793731969c5e4cd959cf3b804a8f864351c63e3f2c0a345449e06accdb80c73d2dd90

fb036d511026ede238be1a1cbfe8212bf90c1b0105d600aa2078282dfa00551acca9111cb9c1cf1e4

64c822f4907baab77485ab98643a382f27986708aa29a8a6f22b55c754ef8aeae87f360f3b8372be4

466124a9ab47a57e3c7b39a90a2bee0c71d2952a142dff796f8447a35debd822e197a1d4f1893ce8a

bddb8ec0f9d1f10815e6b5f3ebdf9b13567a75bee754810fda0af52e489fdbd19d1e1f034d80e724c

3cf22329a8c6446104ef162b8ad17696e5ec26f909f4a336bd6a38feaf475483fb92098971712e299

acbddfee0fb0ee45bfbeab9b5a5dc2b9104c05fe5679bd5edf213eabc839bf13120d68ea5627abaab

472d8390d9fec6a72c8aac5dc53ee8b1d1a3df516c8d5a0bd2b86b3dff4d8f9a135c172d1112e704e

7a91a6c9eccd82cd5b52bcfd69892f9ddd72e955518b7e312af5a1ebced2f56d10f12092efad212d8

112e44c2a4214be111731d2d50ae2627b54ec8c10ac5223d01d2e41a64ebc75b177a2dd69bfbcf725

b0bfb4e0e81cce3c11275cc71378a37e8791308f6fc22363254acedc92bf7fdca0b09906f288eac8d

2b538996b0a1d7f386215d5bc87c8d64b7452e02e0a1354eacb3209cd5b17dd0da748490d1cd138dc

16e91afe9cd234704a013ae68e7f1f57178f2cbb8b9150137926b7ab8e959d9c0b6e6594766ce5da9

0a0048c88cc882b6e0de1295aeabeeae32e98a9fb291ef4c7fe381e1fb41e92912f7768a95fc2366f

b7f62932e1655484b0e647865633e466d7906e25bdaee39e0dce8cc47b29d22bda9053c9d65035fee

558bad37b9edd157f7dbe7d30f9e47f0814ed986544c90365bf24d0a93245365ab7362a6a0125301d

da0a72c7d08a0fd72b1bb514226a72274ef9c75a5e0dff9f0dc7bed45191dd45d5bb7573aa663a133

9a2fe0b5a7dd3c6786f596162c17037d5ce549f98d1a9c301561bb0baef42a9c528c8c1bebdcda861

0a8ac64bc2358605e425f53eeb378b584570482707e403f5dfd6ffc94a20c0e807d51d9dcb26fb953

63682e74f0601dc538b03683f5a14f1a94613ef018c94b5184e828ede43090c70acb39d528ad15ff8

0e1c368c519c1beb45c9b7f0ebf030f6c7d9439891a793bb2eff40cfde6dbc51b7039dda95524328c

2c43e7f1ed0fed88c5a2261521fc8d020a4b0f84e6c9d9a666eff7de2c6d0c137abbc7012a18456e1

f0a4139554336ea6f60cec589b2ba13d1c5947fc160c8d50e289b154c84bd351fd6fa87fe898b2135

60c5c4574d3dd7be0a75a5f6aa8bf351751ed6b6cab1b72e9c176cdd3530b6836cfe72a2b7c7dcd57

f947eeb4e6b06094e132c6e3b4bc61accc5626deed07145125f7bdc404ffd142a8f86b1b6337a9b7c

e789ee93f4af5c54e7a90b292cf6ebfacf7d23b87c2a27fdd8e0d0ffe0270e2cd007bfd0bd48f46d8

b26b98765f0813512ec1b63c2eb72ffea274f10db1cfb288995f0f29ccbc538e515b300013069db54

7b00c5dacabdaf8111be9ea18ab8b513b7fa3960c690642c15f2814ef2df4509667fb595ea2d18220

e3b422a8586fe6ba467e6c5243730d30a598e8f9943ad68a4739d6d2da79657632e11dc0442042ef1

e9eead227b26195a715cbda8a970b0b6010e4efa99a5e7c50fd6ced756bcb136f6e2df0121e97822d

9708dd57aa5b7cecd36ed9526b84d43b811fe8d0c2a1d3fbb69d90ef9befde7dcb13962a85dd8e85f

06abcb85d569f5ccd2fda92b32a224ffb155bf74a8dfe2e8871beea9c966bcd76bd16b353c276863c

158a5ad06e80b644bdd6cf2fa860bf3c6c99c845223fbbfd85b4c4f2bb16d262d7ba4051a2d6b5d89

b7d49c03cd1e94f7f74fc62a13f46bc26370d9e1dbc7b98a504449eb0c8885e073dfbd18e464311ca

e8a16aa0fed4efb3602e3bdf011b39cfaedcdd6a82adc3f091e5358b2728962854de0184a8e42d8a3

b8194dcf09bd4b0fb2b55dda1ee2c353f5d3f168ee0aa3c253f62d9405918e8bf1861be72a413e293

d7f2dd1e94f18cd61b8e61994bd547f646f10d91f0c55f75f5dbe9ac0d9ebf0d7fcafd56e320aa7b2

d5ee33de76e35fdbede4ad34090c8dbe4b376cf4bf1a0dbc5eabdac17e250ca7cb60c29e9153bfffa

95ec61c7b9221cbf94864e4fb3067ef26f217c49b79e446e107f2585d9312395d4059996e2e322cc0

e3dba53cd4321fa845680544bbe4f0df19f767b4029b37582103b68433ca4a759c1029f032211519c

0d7013f65ca9395028004731a567b443a7f58f64659368fb7df96e8839d9d57f11597b5771c7cadeb

b88e0cf9052eda64c9bddb3cf52386e83cc460a9a01764d98f8009e1280caab60b521887e89522847

77ec6d7d09dfdaa87224d1b0cef2fcabab35ecf4c73c007d1bb2896619cf2bce33cf86e99ca416525

2e858a35c152f4350f88580196335def72329aec731bfe2852c72a31f0f07b6142cff230bccd1d6bd

9129156b8f5d312a505bb17e1ce0ac2b77ec7748ea72809507537a0ea78dbbc176b0e2dcb292bc0a2

f4469009f45ba5210f5de8cb64c3e7eebcba5d774b3a4f2f5067635fc086b9e269bc5985ad8c6b1ff

5830ef12fafdb676e04feb8cbbaa5a04496155f31b4e9e259cc687b44fcc58d95885f1033eecb126e

fc7965605daa594475a8ce873a486af3a2f7f99378dc0788917dd2e860b83f6361f1bec5cd8ab4c4e

094a200396d61c6e7ee9c60a1908d9b69d1eecc4e7294f4d793436c7bf8519d996175a6d0e4a29076

fdaa4567b0e4309f33274e45d4682c11303f8bbbe3fd0d2ddf6ab824e636a742516eb63433c387e2a

20ff0e0ff2435831c750c56ae2f4400432ece0cd1b9dc76e79044af8e3f051c02c6f016d3086994fc

d259af22f592bf451c4bbdd13c04ae88aa20ea09ef89d8674206897259e780d141b5d8380ae685b55

5b1a5d48d9dba02299efae5c03a7e3ed03d41660c4817b29bbe2c839e88797d059d50c93efb7b7de6

491bc5b8d7531a0d4dd9ac7452b0aad36b59ab147641fa80d52df111c8946f5650dda11c31d7137d0

b7a2f2fd5a7969e20f6f86d2aa9957b34e1fb40c2ff022609cb4f7bb3c02bf8a98d4dfafd93878d5d

3488ed101435b6a6a557d3c8b6a1d05761706b46b71908fa98818d58431ada2b8090c12fdb6cfa9dc

70e1f3c0c035675088b891fc448471d68f561ea4e942ae33b7a55aee8b5cdeaea6331fd4bba010dc9

5f6b2d6963d442ab9b6760036895d66ede7faaefa4b69cf8b005b09eee3c6c8ee6adbcb60e53985f9

0460c4639a68908fa0f3564c7d6045198441f937bf105703eb1db883c3cb493f82fcb1ed52a3caf5c

0eb78990aa9a808003cce36d7d7e4847b815fe42660633d323633112b2ceb5d29cf71c15d58a9e0e9

30e80af5b3ac18ff348a987242672b7b2aeb2a18bd33907154c6146c10cb95d57c6779bbb9dccedc3

60d841c8ff341d9c1660d463fdf0a5542825fdb605c76ee60e967924dd9b495c91336b8a4fb570fad

f082abc819d8754162255d60c112b53ebe9bd7d632c40e5f4f88b4f9d9e01397e7d231a1dcf405b91

8fbfee495c907b0bdeffed27f70680ea1c76357582cdb3816140172a3f7f9e66f55d3b626fbbda886

8277cb6d1a075c3785adea466619b9e2bcdc6444aa1dc7abed798d1c3cdf9c644082ed09cbb808c1c

89150b5ce1734e3f4d4a9c1e895d7233b6e125efffe0dae94f44ad5bfd2d505fcf1320016c6947ef4

634fcfb64190c1003c4cc496df764c2ae27577a371f1d5f07caf3d1346fba1528a72b8d7d735b16ae

5ec21962a0b4107a95356370b9c7049f0d35735873fc3265c08cb2072f9a0e692857b1be208d4a7b9

50d55cb25c0eda00636ab0011862c3f5152d70f4b016c7fdae0f419ce76099f404e0da3090b817695

2695dcadb11e6f25be98f99b9138c77e2935b61609af6b62f0b4df9cd38f3bf91ec18cc3dafb779d6

451058b478591bd517b1b2e9763f55b4e5d9160091640ba463f583fe517c3d203048dc79c9ce95b23

0a62bd751d61db7cc531d8d03c5c5e0708b86a73cffe1b10efbd944219ba8049a45b11718e7b6878c

804be84be28a3ac561b6091029c009f21b64f001e46af9d9bcfe2bbcf4fb87ecce6986589243c37bd

e7ef4823e481eadfc8d09f73ac0f2f93dd8810c0c99faae3a14b7260071d66b8eec2f43a31e89a85c

7e0d6fcd4927fa2cc6dc9b5089497694778bc79bbcf32dd21a07a29b81cab0ace13ee2b13c267939f

f1061cf929364672ed69cfdef512e782ad835d400d5fd8033d472053946d8e98f7ebcd350002aeff1

06fb2094c01443256465d13547c6d7eefb4ba4b3680d7d041f2e92a2ea1731f4a8043aaa58c3d3a07

3b85c057f25a5bce1a85f02f305d1525626cc858960e13ebbf8d185dee645b2fdd9c08dc6cf7bd1b3

8cf58d3cffb63c9add7053c45564a294e8e0cf6e7b060323abcee315604ec29ba53a15a7b7a727a65

b140ea775aaddc0d7c31bad57aa74bb24a1afe45a29e03cd37ddf8b4060f83c307918e47612bbf888

2fa99d8a995a0041115a0a44e491935dbfc8d332c5691925df86bf78531d5db5999b3d4d699e0f7f1

9ffde7b261043c81022d9e36c4bf029346586f6615a720fbc9fe33df6f1ff093be59a12d2492d5843

6f94d9e55d8de70f21be203863faa15d41c077a35604563e1c328e9175713a978424bb81c1b765a14

d98778682835169cf03e1c7c3365f5067d03a00d162528ce0f6dc67ffc051d1a560fb7228e67feaf9

0f7209f15e1b8a386e7bfe67868a06e96ec4c5a781e495e404f0f965b675d3d6a814d8694f3d40c0d

83bc20dbb71bf7893e3bec02df71826df7df487e71bee76c843f13476bf24eaae4e186e3b999de6ff

0e413894eb13c23299ad4bd43c713a9688120662d656eecb771bea394898e14786e61c69e4bffbd2d

b85e7954286870a1e7e3773bb5db6dfadfc4b1e4fefea1a18a4db538840832bcc4d0fae1154b5c5ea

ae3dadf297c1a8b284b1f3c5b619f7391027c33926e7bae9965289929b875cffdf58522791082e0bb

8534fe2c7afe27471d256c4fcbe7410f15f56615e3e83b5115ad60d59d2bcafb43f3b1bef4734428f

6fe5f37031b196ac4f241cbe663236e8c6bfc5d181649273c2714034612e7e53b4678186a727b2e20

fc3a4fa3b1a484bb2cc1c64d8c7894111e9fba4f93b270088e560ea4e475ccd5a463bdf5ae4c55403

14f4d1b4ccb223565be33186fda62ff6add815103ada50dd9d95b7268abbc0d9454ff4adb767a009c

131ce22fcd0347364b2d8ea14a829a133bcd813a55482f6920835b50db13120f4c2eb6217dc58349c

9c6751a1b7cf2a244a0cda206ba45cf904affc1ae1960bdd071bd7ab489ada64148e320192565178b

2ef39f6dff6a95cd5e2c4b11e7020c98d38c814273c82ce85c254757a5f4680f655684e2a1e175ded

497dbc5f8557c3ccfcfb01d3e29976c74dc1025547251e6721a1ca490b78c60ae2e00526ae49c25f6

1fbbb86f65f663bf15dddc2da717d9393feea5283e45301f454f875bae3e90616de108bd9de7185cd

9cb19b5006d54742924dce22d231757348caf2657c5421b14d02f8c58543bd21cfb04476012db6a23

c85d1266cfc998a4f6660656d3c8c16fbef9ab5007c6349b6419e3c330fa70c48807e42aa8b13a84f

55c1b71b4a184fbc6ddfaad2ec599354f8c8d32fd330ed302b5d0b23f8a627373dbef5ceb7cf8032b

c6edac085fdae02c27cc9253da2d9adba2d756721765e9fdf48059489f24d29c29b91dd60d6e9fdca

76a918a4a42bb4af2ecf3fea223f48fd9cf8efd8dc069b989e9c0eebaaa092ee328e7196ae00ad6ad

6d8717cc7d3539b6161d6c9eeb533ef041859d0ac82323cc36b2886a1dfe837f9d1650400b120fed2

40a70911a45c8fcfb77876aea5504f45b6d6d0c6c6686284dec1b3c1dde330da17e174978ad10ae2c

12375c3f730748f8016835b65c4a5b74e516199a6920b98f9eb445ba165c450a10157a1d14c26643c

343811c61a393a11287976a2e5379e40c307203d9d88134139fc27f78221ef3640b8fdd93093a473e

ff0023f1a053e56b4dc0f25c8617e1d4fb9ecac53d6566d5549d89bed5770ccb04e05dc5619a8271c

1319fb68198d4cace3aeaa8cd394e471438fd340438d24ac1bec89359e4afb78425346a7c6d7c8371

82076d875821faad233f5ae7b5d497afa7296323ac0c1b3ec459f112ac4b8445a184b1e56c99180c9

dd46cedcf166a013ec8834bb71a2813fe3902b21db08e4dc3c7535647690c25cf234cf88b06e03852

ed46cb88d19c484efdef3c023cad46884dc3c921e0039a413e197c53dffa99115014511d44c11ead7

d4fdd448a432114efbf7699096417ec2f58ca66bcdcade2c8fb5c8ae8f64f0d9651c5347936922f86

96ec347267a191c60db0564a6f72dbe6398fc770588e9b95f5efdff4c978fcc96e9529d16d3931c1c

e579bb9610af1baf5a54e95580e185f28e4101e6bbe4e134490f1f7bad767229f00cd0eb551a32673

c8e972e46964becba6e69e228769f974c8831ca348841aaa53d4d49bc5ff94fd1f10feba0dad0c410

ab8d3dddda78515c65fd9170f334850903b3399a8ca6f8cde0225875d6b776c4284583be1a1080ed5

d164557329fc8add2179cc50e19b84a33cc7ab23072eb71fb3e456d3066b3b1fbfb7a576539f491fe

da107fb28adec02f90957e8cf62aab80ea218ad264a3721009d2ce844f596964e347e949471d98e2c

0256bea6f063c57be965bd5fdef45724dc5b39bbef6d747b463e2728fbeffc9cd8b2549b4e42f2860

3e44bf5e4571b53f91fc0d91ccf5630f160d7215a8abda57b83d20d19dccf70134d4be55825249df9

b1ee450c27b9524d1eda21adb4a53e71114f92be2062fa466caed60a2fdb98abb33d441bfe8b3f6ee

adaa79697004bde75c53dba9fb055ab09e38ae2dfecffe3923c62bc685c20dd672edffeaaf009fbe6

2a1cf332ff0ff8da25dafdecdbc2fc2329baa4de2d3d36242e75d3d86e06781d4eba7dcb1c8f0a7a3

3a036b9eb1a7a5bf27fcc63c480c7e9bd5a33a234a60eb91bf0d0a0b0c2cd95a30d2eb53f4b9e696c

b90887cfd95e84a0466ffab3614665da5a27a612a44cd1d1a4b7336e7dc197cb1e600f7f3499728b6

3c4f9204ecab79a06696eaf4b7fafb4b528e5440b2efef7640f31b8a763ac7464506fd18b44cadc2c

a0aac52afdcfc550eca4e48bdfd65c54fa012fd29cba54c64e63248cdd61f892b997eaf2d729aa7a0

47d02be547a188a3cf04a4b98f013f77e97b790d994e95439b99fc6b495d8594c448f30196cbbfd99

67218200b7529e614bf8a9abf47fe597398049af67c4d1c9a4fd9af83f30cf35bbb046248872a911b

3007b2ca26595e21576791b45391f718ae2b6653a68cab90066189174a47ff7d049aca187f872bb6a

169ea8f16e7529b77aae72059f7726fe0413295779ef5fb745ae9e99099b0489b3eb2ac6d0cb79220

0bb5e57c2ee6c7b33200

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 135664]

R3 CFcatchme;CFcatchme;c:\users\Antes\AppData\Local\Temp\CFcatchme.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2008-07-07 25600]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 213120]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-09-03 37456]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 142424]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]

S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [2009-06-17 17992]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]

S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2010-08-06 26176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-13 19:11]

2011-01-19 c:\windows\Tasks\AWC Startup.job

- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-14 21:19]

2011-01-19 c:\windows\Tasks\Free File Viewer Update Checker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-12-06 16:25]

2011-01-19 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-05 15:47]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 07:09]

2011-01-19 c:\windows\Tasks\HPCeeScheduleForAntes.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

2011-01-19 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-10 12:53]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-12-23 19:09 83696 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.my.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyServer = http=localhost:8080

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Refresh Pa≥ with Full Quality - c:\program files (x86)\Propel Accelerator\pac-page.html

IE: Refresh Pi&cture with Full Quality - c:\program files (x86)\Propel Accelerator\pac-image.html

IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html

LSP: c:\program files (x86)\Propel Accelerator\prplsf.dll

Trusted Zone: nbc.com\www

FF - ProfilePath - c:\users\Antes\AppData\Roaming\Mozilla\Firefox\Profiles\4v4j0vpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FinalVideoDownloader plugin for Mozilla Firefox: downloader@finalvideotools.com - c:\program files (x86)\FinalVideoDownloader\Firefox

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Antes\AppData\Roaming\IDM\idmmzcc3

FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Shop to Win: {46d606b0-a645-11df-981c-0800200c9a66} - %profile%\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a1,23,98,13,80,02,5e,65,69,62,2f,ab,e5,a1,da,fd,ed,5f,e5,98,02,

44,e8,36,f0,d1,c6,4a,2c,86,05,a9,db,6b,c6,ad,61,33,83,88,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1719504641-4281115936-1006895277-1000_Classes\Wow6432Node\CLSID\{cf0c4bbe-795b-49d3-9c15-a8bb9cccedcc}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000136

"Therad"=dword:0000001b

"MData"=hex(0):00,3c,62,a2,9b,57,4e,6e,1c,89,3c,8e,cf,82,1a,ba,1a,10,80,d7,56,

1b,7d,e6,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10j.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-19 15:02:45

ComboFix-quarantined-files.txt 2011-01-19 20:02

ComboFix2.txt 2011-01-19 19:25

ComboFix3.txt 2011-01-18 03:35

ComboFix4.txt 2011-01-18 02:48

Pre-Run: 314,900,148,224 bytes free

Post-Run: 314,848,325,632 bytes free

- - End Of File - - 12CF56AC0196A04AB263D6F9A477CD04

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

I'll leave your topic open for a few days but do this:

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.