
I have malware on my PC that takes the form of an auditory command to clear my cache and cookies. It only seems to flare up when IE9 has add-ons on it. Here is a link to the work I've been doing on it in Microsoft Forums: http://answers.microsoft.com/thread/d63f7e52-a87e-e011-9b4b-68b599b31bf5

My user name on the Microsoft forum is DONZRONE


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


To MBAM Sentinal - I completed these instructions yesterday for another handler, DIETY. However, I will do them again for you in case of a mixup on my part. First the MBAM log -

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6630

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

22/05/2011 3:18:54 PM

mbam-log-2011-05-22 (15-18-54).txt

Scan type: Quick scan

Objects scanned: 170475

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/07/2010 12:27:48 PM

System Uptime: 22/05/2011 3:19:30 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0U880P

Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | CPU 1 | 2800/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 115.454 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 743.124 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: ElRawDisk

Device ID: ROOT\LEGACY_ELRAWDISK\0000

Manufacturer:

Name: ElRawDisk

PNP Device ID: ROOT\LEGACY_ELRAWDISK\0000

Service: ElRawDisk

.

==== System Restore Points ===================

.

RP558: 22/05/2011 12:08:26 AM - Scheduled Checkpoint

RP559: 22/05/2011 8:38:36 AM - Windows Update

RP560: 22/05/2011 3:14:08 PM - Removed BitDefender Security Scan

.

==== Installed Programs ======================

.

7stacks 1.2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

AI RoboForm (All Users)

Analyzed

Apple Application Support

Apple Software Update


I'm sorry for the delay, I tried to post this twice with no result.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Home at 10:33:44 on 2011-05-27

Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3037.1375 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Soluto\soluto.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe

C:\Program Files (x86)\DeskSlide\DeskSlide.exe

C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe

C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe

C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Home\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://yahoo.ca/

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [RocketDock] "C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe"

uRun: [DeskSlide] C:\Program Files (x86)\DeskSlide\DeskSlide.exe -logon -hide

mRun: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

uPolicies-explorer: NoThemesTab = 0 (0x0)

uPolicies-explorer: NoChangeAnimation = 0 (0x0)

uPolicies-explorer: NoDFSTab = 0 (0x0)

uPolicies-explorer: NoFileAssociate = 0 (0x0)

uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoVisualStyleChoice = 0 (0x0)

uPolicies-system: NoColorChoice = 0 (0x0)

uPolicies-system: NoSizeChoice = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoSMMyPictures = 0 (0x0)

mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-ca/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

AppInit_DLLs: wbsys.dll

STS: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2010-11-29 54864]

R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2010-11-29 54896]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2010-11-29 37872]

R2 GenieTimelineService;Genie Timeline Service;C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-1-11 468096]

R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-3-15 724152]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-3-15 724152]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-5-24 376352]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 OAnet;OnlineArmor Service;C:\Windows\system32\DRIVERS\oanet.sys --> C:\Windows\system32\DRIVERS\oanet.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-7 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-7 8456]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]

S3 MatSvc;MatSvc;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile=NOTEPAD.EXE %1

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-05-27 04:36:25 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12EA39BD-57A5-4FF9-AE7B-2949D6C47706}\mpengine.dll

2011-05-26 04:10:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys

2011-05-26 04:10:11 -------- d-----w- C:\Program Files\Soluto

2011-05-26 04:08:53 -------- d-----w- C:\ProgramData\Soluto

2011-05-25 11:42:33 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-05-24 03:14:19 32768 ----a-w- C:\Windows\SysWow64\svcmgr.ocx

2011-05-24 03:14:19 -------- d-----w- C:\Program Files\RefreshPC

2011-05-24 02:26:45 -------- d-----w- C:\Users\Home\AppData\Roaming\PCF-VLC

2011-05-24 02:25:19 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar

2011-05-24 02:25:17 -------- d-----w- C:\Users\Home\AppData\Roaming\Participatory Culture Foundation

2011-05-24 02:24:35 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation

2011-05-23 05:44:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-22 23:30:28 -------- d-----w- C:\Windows\System32\SPReview

2011-05-20 16:37:08 -------- d-----w- C:\Program Files (x86)\Auslogics

2011-05-20 07:48:50 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-05-20 07:48:49 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA13DF83-17D3-4A0B-9CBC-53BEF6D4F313}\gapaengine.dll

2011-05-20 03:16:39 -------- d-----w- C:\Windows\$regcmp$

2011-05-20 01:18:54 716058 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\Analyzed\unins000.exe

2011-05-20 01:18:54 184320 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\Analyzed\Analyzed.dll

2011-05-18 00:39:43 -------- d-----w- C:\Users\Home\AppData\Roaming\QuickScan

2011-05-17 22:16:43 -------- d-----w- C:\Users\Home\AppData\Roaming\Malwarebytes

2011-05-17 22:16:28 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-17 22:16:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-17 13:07:32 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-05-16 06:33:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-05-16 06:33:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-05-16 06:33:21 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-05-14 14:49:39 -------- d-----w- C:\Users\Home\AppData\Local\RadioSure

2011-05-14 02:14:18 -------- d-----w- C:\Users\Home\AppData\Roaming\Win7codecs

2011-05-14 02:14:13 -------- d-----w- C:\Program Files (x86)\Win7codecs

2011-05-14 02:08:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 14:44:37 -------- d-----w- C:\Users\Home\AppData\Roaming\DeskSlide

2011-05-13 14:44:32 -------- d-----w- C:\Program Files (x86)\DeskSlide

2011-05-12 18:41:39 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-12 18:41:39 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-11 17:04:13 -------- d-----w- C:\Users\Home\AppData\Local\Easy Clone Detective

2011-05-11 01:43:05 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-05-11 01:43:04 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-05-11 01:43:04 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-05-11 01:42:59 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-05-11 01:42:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2011-05-11 01:42:59 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-05-11 01:42:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-05-11 01:42:59 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys

2011-05-11 01:42:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2011-05-11 01:42:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2011-05-10 12:18:45 -------- d-----w- C:\Windows\uninstall

2011-05-10 03:28:56 -------- d-----w- C:\Users\Home\AppData\Roaming\Auslogics

2011-05-10 03:23:34 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll

2011-05-09 14:42:58 6729728 ----a-w- C:\Windows\System32\TunerFreeMCE_4_4_7.msi

2011-05-05 00:51:11 2870272 ----a-w- C:\Windows\explorer.exe

2011-05-05 00:51:09 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll

2011-05-05 00:51:09 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-05-05 00:51:07 1792000 ----a-w- C:\Windows\SysWow64\authui.dll

2011-05-05 00:51:06 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup

2011-05-05 00:51:06 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup

2011-04-27 20:04:55 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-04-27 20:04:55 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-04-27 20:04:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-04-27 20:04:54 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-04-27 18:21:38 3268096 ----a-w- C:\Windows\SysWow64\x264vfw.dll

.

==================== Find3M ====================

.

2011-04-26 05:14:06 61440 ----a-w- C:\Windows\SysWow64\AxInterop.WMPLib.dll

2011-04-26 05:14:06 339968 ----a-w- C:\Windows\SysWow64\Interop.WMPLib.dll

2011-04-26 05:14:06 182272 ----a-w- C:\Windows\SysWow64\W8ClockSettings.exe

2011-04-26 05:14:06 181760 ----a-w- C:\Windows\SysWow64\W8Clock.scr

2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-04-13 19:23:56 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-04-13 19:23:56 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-04-12 20:01:38 52632 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2011-04-12 02:09:18 73216 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-04-10 12:43:26 1197568 ----a-w- C:\Windows\SysWow64\VSFilter.dll

2011-04-09 06:00:34 465920 ----a-w- C:\Windows\System32\itpcoin815.dll

2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-04-02 12:53:59 14 ----a-w- C:\Windows\SysWow64\Systemdrv.sys

2011-03-31 01:53:18 8335360 ----a-w- C:\Windows\System32\7CMenuBG.dll

2011-03-26 03:04:46 2926208 ----a-w- C:\Windows\System32\BootMan.exe

2011-03-26 03:04:16 18048 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2011-03-26 03:03:44 2340992 ----a-w- C:\Windows\SysWow64\BootMan.exe

2011-03-24 17:57:54 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2011-03-24 17:57:54 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2011-03-24 17:57:54 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2011-03-24 17:57:54 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2011-03-24 17:57:54 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2011-03-24 17:57:54 11264 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2011-03-24 17:57:54 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2011-03-22 20:47:36 111562752 ----a-w- C:\Program Files\PM11_Pers_full_ea_x64.msi

2011-03-22 20:47:36 111562752 ----a-w- C:\PM11_Pers_full_ea_x64.msi

2011-03-21 20:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-03-21 20:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-03-21 20:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-03-21 16:58:04 152064 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-03-20 20:38:58 344064 ----a-w- C:\Windows\SysWow64\AACACM.acm

2011-03-20 04:00:38 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2011-03-19 18:06:02 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2011-03-19 18:04:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2011-03-13 04:28:36 8192 ----a-w- C:\Windows\System32\jdboot.exe

2011-03-13 04:28:36 37248 ----a-w- C:\Windows\System32\drivers\jddrv.sys

2011-03-13 04:28:36 23040 ----a-w- C:\Windows\System32\jddac.dll

2011-03-13 04:28:36 22016 ----a-w- C:\Windows\System32\jdnat.dll

2011-03-11 08:54:14 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll

2011-03-11 08:53:32 14848 ----a-w- C:\Windows\System32\smrgdf.exe

2011-03-11 08:53:28 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe

2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-06 20:08:10 795648 ----a-w- C:\Windows\System32\Computer Customizer.exe

2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys

2011-02-28 16:29:46 2287616 ----a-w- C:\Windows\System32\wmplibbg.exe

2010-08-03 19:41:35 81408 ----a-w- C:\Program Files (x86)\taskkill.exe

.

============= FINISH: 10:36:34.20 ===============

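The two kinds of evidence in the logs above, the MBAM "Registry Data Items Infected" entries (Broken.OpenCommand) and the DDS "File Associations" section, can be cross-checked with a small script. The following is an added example, not code from Malwarebytes, DDS or anyone in this thread. The expected handlers for scrfile and regfile are taken from the "Good:" values MBAM printed; the handlers assumed for the other ProgIDs (Notepad for inf/ini/txt, WScript for JSE/VBE/VBS) are assumptions about Windows 7 defaults and should be confirmed against a clean machine of the same build before acting on them.

```python
"""Audit file-association open commands from MBAM and DDS log lines.

Added example for this thread (not Malwarebytes, DDS or poster code).
"""
import re

# Expected handler per ProgID: lowercase basename of the program the open
# command runs, or "<self>" when the opened file runs itself ("%1" /S).
# scrfile/regfile come from MBAM's "Good:" values in the thread; the rest
# are ASSUMED Windows 7 defaults and must be verified on a clean build.
EXPECTED_HANDLER = {
    "scrfile": "<self>",        # from MBAM: "%1" /S
    "regfile": "regedit.exe",   # from MBAM: regedit.exe "%1"
    "inffile": "notepad.exe",   # assumed default
    "inifile": "notepad.exe",   # assumed default
    "txtfile": "notepad.exe",   # assumed default
    "JSEFile": "wscript.exe",   # assumed default
    "VBEFile": "wscript.exe",   # assumed default
    "VBSFile": "wscript.exe",   # assumed default
}

# Shape of an MBAM registry-data detection line as posted in the thread.
MBAM_LINE = re.compile(
    r"^(?P<key>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def open_handler(command):
    """Basename (lowercase) of the program an open command runs.

    Handles quoted and unquoted first tokens, drops %SystemRoot%-style
    directories, and returns "<self>" when the command starts with "%1".
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        first = cmd[1:cmd.find('"', 1)]
    else:
        first = cmd.split(" ", 1)[0]
    if first.startswith("%1"):
        return "<self>"
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_mbam_registry_data(lines):
    """Parse MBAM 'Registry Data Items Infected' lines into dicts."""
    found = []
    for line in lines:
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        parts = m.group("key").split("\\")  # HKEY_CLASSES_ROOT\<progid>\...
        found.append({
            "progid": parts[1] if len(parts) > 1 else m.group("key"),
            "detection": m.group("detection"),
            "bad": m.group("bad"),
            "good": m.group("good"),
            "bad_handler": open_handler(m.group("bad")),
            "good_handler": open_handler(m.group("good")),
            "action": m.group("action"),
        })
    return found


def audit_dds_associations(lines):
    """Check DDS 'progid=command' lines; 'ok' is None for unknown ProgIDs."""
    results = []
    for line in lines:
        line = line.strip()
        if "=" not in line:
            continue
        progid, command = line.split("=", 1)
        handler = open_handler(command)
        expected = EXPECTED_HANDLER.get(progid)
        results.append({
            "progid": progid, "command": command, "handler": handler,
            "expected": expected,
            "ok": None if expected is None else handler == expected,
        })
    return results


# Sample input copied from the MBAM and DDS logs posted in this thread.
MBAM_SAMPLE = [
    r'HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.',
    r'HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.',
]
DDS_SAMPLE = [
    r"inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1",
    r"inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1",
    r"JSEFile=NOTEPAD.EXE %1",
    r"txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1",
    r"VBEFile=NOTEPAD.EXE %1",
    r"VBSFile=NOTEPAD.EXE %1",
]

if __name__ == "__main__":
    for item in parse_mbam_registry_data(MBAM_SAMPLE):
        print(f"MBAM {item['progid']}: {item['bad_handler']} -> expected {item['good_handler']}")
    for r in audit_dds_associations(DDS_SAMPLE):
        status = {True: "ok", False: "DEVIATES", None: "unknown"}[r["ok"]]
        print(f"DDS  {r['progid']}: {r['handler']} (expected {r['expected']}) {status}")
```

Run as-is and JSEFile, VBEFile and VBSFile are reported as deviating, because their open command points at Notepad instead of the script host, which is the same NOTEPAD.EXE %1 pattern MBAM flagged on scrfile and regfile. Whether that is a deliberate hardening step or tampering cannot be decided from the log alone, so the comparison only reports the deviation and leaves the decision to the person reviewing the machine.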

  • Staff

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for uTorrent and anything else you have installed.


OK, I'm sorry about the uTorrent. I uninstalled it. A buddy was showing me how to use it, and yes I did know it was illegal.

However, I still need help with malware. I've been doing MBAM scans every couple of days and constantly have come up with two infections in the registry.

Thanks for your help so far and I hope you can help me in the future.

Sincerely, Don Fraser


  • Staff

Hi,

Thank you.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


ComboFix 11-05-31.02 - Home 31/05/2011 22:58:31.1.2 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3037.1622 [GMT -7:00]

Running from: c:\users\Home\Documents\unused deskttop shortcuts\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\logonscreenrotator\logonscreenrotator.exe

c:\programdata\ntuser.dat

c:\users\Home\AppData\Roaming\Microsoft\Windows\Recent\More Wallpapers.url

c:\users\Home\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))

.

.

2011-06-01 06:06 . 2011-06-01 06:06 -------- d-----w- c:\users\shawrepair\AppData\Local\temp

2011-06-01 06:06 . 2011-06-01 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-31 16:06 . 2011-05-31 16:06 -------- d-----w- c:\program files\ITknowledge24

2011-05-31 12:39 . 2011-05-31 12:39 -------- d-----w- c:\program files (x86)\Common Files\Chameleon Manager

2011-05-31 12:39 . 2011-05-31 12:39 -------- d-----w- c:\program files (x86)\Chameleon Task Manager 3

2011-05-31 12:35 . 2011-05-31 12:35 -------- d-----w- c:\users\Home\AppData\Roaming\Win7codecs

2011-05-31 06:26 . 2011-05-31 06:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-05-31 06:26 . 2011-05-31 06:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-05-31 03:29 . 2011-05-31 03:29 -------- d-----w- c:\program files (x86)\Win7codecs

2011-05-29 01:41 . 2011-05-29 01:41 -------- d-----w- c:\users\Home\AppData\Local\Four13_Designs

2011-05-28 00:00 . 2011-05-28 00:00 -------- d-----w- c:\programdata\Symantec

2011-05-28 00:00 . 2011-05-28 00:02 -------- d-----w- c:\programdata\Norton

2011-05-27 22:50 . 2011-05-27 22:50 -------- d-----w- c:\windows\SysWow64\Adobe

2011-05-26 04:10 . 2011-05-25 06:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-05-26 04:10 . 2011-05-26 04:10 -------- d-----w- c:\program files\Soluto

2011-05-26 04:08 . 2011-05-28 12:02 -------- d-----w- c:\programdata\Soluto

2011-05-25 11:42 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 03:14 . 2011-05-24 03:14 -------- d-----w- c:\program files\RefreshPC

2011-05-24 03:14 . 2002-06-13 21:02 32768 ----a-w- c:\windows\SysWow64\svcmgr.ocx

2011-05-24 02:26 . 2011-05-31 14:03 -------- d-----w- c:\users\Home\AppData\Roaming\PCF-VLC

2011-05-24 02:25 . 2011-05-24 02:25 -------- d-----w- c:\program files (x86)\GetMiro Toolbar

2011-05-24 02:25 . 2011-05-24 02:25 -------- d-----w- c:\users\Home\AppData\Roaming\Participatory Culture Foundation

2011-05-24 02:24 . 2011-05-24 02:24 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation

2011-05-23 05:44 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-22 23:30 . 2011-05-22 23:30 -------- d-----w- c:\windows\system32\SPReview

2011-05-20 16:37 . 2011-05-20 16:37 -------- d-----w- c:\program files (x86)\Auslogics

2011-05-20 03:16 . 2011-05-20 03:20 -------- d-----w- c:\windows\$regcmp$

2011-05-20 01:18 . 2011-05-20 01:18 716058 ----a-w- c:\program files (x86)\Windows Media Player\Visualizations\Analyzed\unins000.exe

2011-05-20 01:18 . 2009-02-02 18:54 184320 ----a-w- c:\program files (x86)\Windows Media Player\Visualizations\Analyzed\Analyzed.dll

2011-05-18 03:18 . 2011-05-18 03:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-05-18 00:39 . 2011-05-18 00:39 -------- d-----w- c:\users\Home\AppData\Roaming\QuickScan

2011-05-17 22:16 . 2011-05-17 22:16 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes

2011-05-17 22:16 . 2011-05-17 22:16 -------- d-----w- c:\programdata\Malwarebytes

2011-05-17 22:16 . 2011-05-23 05:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-16 06:33 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-05-14 14:49 . 2011-05-15 22:34 -------- d-----w- c:\users\Home\AppData\Local\RadioSure

2011-05-14 02:08 . 2011-05-14 02:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 16:58 . 2011-05-13 16:58 2785280 ----a-w- c:\windows\SysWow64\x264vfw.dll

2011-05-13 14:44 . 2011-05-13 14:56 -------- d-----w- c:\users\Home\AppData\Roaming\DeskSlide

2011-05-13 14:44 . 2011-05-13 14:44 -------- d-----w- c:\program files (x86)\DeskSlide

2011-05-12 19:53 . 2011-05-12 19:53 147456 ----a-w- c:\windows\SysWow64\lagarith.dll

2011-05-12 18:41 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-12 18:41 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-11 17:04 . 2011-05-11 17:04 -------- d-----w- c:\users\Home\AppData\Local\Easy Clone Detective

2011-05-11 01:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 01:43 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 01:43 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 01:42 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 01:42 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 01:42 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 01:42 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 01:42 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 01:42 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 01:42 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-10 12:18 . 2011-05-10 12:18 -------- d-----w- c:\windows\uninstall

2011-05-10 03:28 . 2011-05-10 03:28 -------- d-----w- c:\users\Home\AppData\Roaming\Auslogics

2011-05-09 14:42 . 2011-05-09 14:43 6729728 ----a-w- c:\windows\system32\TunerFreeMCE_4_4_7.msi

2011-05-05 00:51 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2011-05-05 00:51 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2011-05-05 00:51 . 2009-07-14 01:06 20268032 ----a-w- c:\windows\SysWow64\imageres.dll

2011-05-05 00:51 . 2009-07-14 01:14 1792000 ----a-w- c:\windows\SysWow64\authui.dll

2011-05-05 00:51 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup

2011-05-05 00:51 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-26 05:14 . 2011-04-26 05:12 61440 ----a-w- c:\windows\SysWow64\AxInterop.WMPLib.dll

2011-04-26 05:14 . 2011-04-26 05:12 339968 ----a-w- c:\windows\SysWow64\Interop.WMPLib.dll

2011-04-26 05:14 . 2011-04-26 05:12 182272 ----a-w- c:\windows\SysWow64\W8ClockSettings.exe

2011-04-26 05:14 . 2011-04-26 05:12 181760 ----a-w- c:\windows\SysWow64\W8Clock.scr

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-12 20:01 . 2011-04-12 20:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-04-12 02:09 . 2011-04-12 02:09 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-04-10 12:43 . 2011-04-10 12:43 1197568 ----a-w- c:\windows\SysWow64\VSFilter.dll

2011-04-09 06:00 . 2011-04-09 06:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll

2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-31 05:02 . 2011-03-31 05:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll

2011-03-31 01:53 . 2011-03-31 01:53 8335360 ----a-w- c:\windows\system32\7CMenuBG.dll

2011-03-26 03:04 . 2011-04-07 15:46 2926208 ----a-w- c:\windows\system32\BootMan.exe

2011-03-26 03:04 . 2011-04-07 15:46 18048 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll

2011-03-26 03:03 . 2011-04-07 15:46 2340992 ----a-w- c:\windows\SysWow64\BootMan.exe

2011-03-24 17:57 . 2011-04-07 15:46 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys

2011-03-24 17:57 . 2011-04-07 15:46 16776 ----a-w- c:\windows\system32\epmntdrv.sys

2011-03-24 17:57 . 2011-04-07 15:46 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll

2011-03-24 17:57 . 2011-04-07 15:46 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe

2011-03-24 17:57 . 2011-04-07 15:46 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe

2011-03-24 17:57 . 2011-04-07 15:46 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys

2011-03-24 17:57 . 2011-04-07 15:46 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys

2011-03-22 20:47 . 2011-03-23 12:01 111562752 ----a-w- c:\program files\PM11_Pers_full_ea_x64.msi

2011-03-22 20:47 . 2011-03-23 11:59 111562752 ----a-w- C:\PM11_Pers_full_ea_x64.msi

2011-03-21 20:22 . 2011-03-21 20:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-03-21 20:22 . 2011-03-21 20:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-03-21 20:22 . 2009-07-22 14:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-03-21 16:58 . 2011-03-21 16:58 152064 ----a-w- c:\windows\SysWow64\xvid.ax

2011-03-20 20:38 . 2011-03-20 20:38 344064 ----a-w- c:\windows\SysWow64\AACACM.acm

2011-03-20 04:00 . 2011-03-20 04:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm

2011-03-20 00:35 . 2011-03-20 00:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-03-20 00:35 . 2011-03-20 00:35 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-03-19 18:06 . 2011-03-19 18:06 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2011-03-19 18:04 . 2011-03-19 18:04 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll

2011-03-17 02:19 . 2011-03-17 02:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-03-17 02:19 . 2011-03-17 02:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-03-17 02:19 . 2011-03-17 02:19 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-03-17 02:19 . 2011-03-17 02:19 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-03-17 02:19 . 2011-03-17 02:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-03-17 02:19 . 2011-03-17 02:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-03-17 02:19 . 2011-03-17 02:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-03-17 02:19 . 2011-03-17 02:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-03-17 02:19 . 2011-03-17 02:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-03-17 02:19 . 2011-03-17 02:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-03-17 02:19 . 2011-03-17 02:19 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-03-17 02:19 . 2011-03-17 02:19 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-03-17 02:19 . 2011-03-17 02:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-03-17 02:19 . 2011-03-17 02:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-03-17 02:19 . 2011-03-17 02:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-03-17 02:19 . 2011-03-17 02:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-03-17 02:19 . 2011-03-17 02:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-03-17 02:19 . 2011-03-17 02:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-03-17 02:19 . 2011-03-17 02:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-03-17 02:19 . 2011-03-17 02:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-03-17 02:19 . 2011-03-17 02:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-03-17 02:19 . 2011-03-17 02:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-03-17 02:19 . 2011-03-17 02:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-03-17 02:19 . 2011-03-17 02:19 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-03-17 02:19 . 2011-03-17 02:19 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-03-17 02:19 . 2011-03-17 02:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-03-17 02:19 . 2011-03-17 02:19 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-03-17 02:19 . 2011-03-17 02:19 222208 ----a-w- c:\windows\system32\msls31.dll

2011-03-17 02:19 . 2011-03-17 02:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-03-17 02:19 . 2011-03-17 02:19 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-03-17 02:19 . 2011-03-17 02:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-03-17 02:19 . 2011-03-17 02:19 12288 ----a-w- c:\windows\system32\mshta.exe

2011-03-17 02:19 . 2011-03-17 02:19 114176 ----a-w- c:\windows\system32\admparse.dll

2011-03-17 02:19 . 2011-03-17 02:19 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-03-17 02:19 . 2011-03-17 02:19 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-03-17 02:19 . 2011-03-17 02:19 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-03-17 02:19 . 2011-03-17 02:19 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-03-17 02:19 . 2011-03-17 02:19 448512 ----a-w- c:\windows\system32\html.iec

2011-03-17 02:19 . 2011-03-17 02:19 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-03-17 02:19 . 2011-03-17 02:19 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-03-17 02:19 . 2011-03-17 02:19 160256 ----a-w- c:\windows\system32\wextract.exe

2011-03-17 02:19 . 2011-03-17 02:19 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-03-13 04:28 . 2011-03-15 15:24 8192 ----a-w- c:\windows\system32\jdboot.exe

2011-03-13 04:28 . 2011-03-15 15:24 37248 ----a-w- c:\windows\system32\drivers\jddrv.sys

2011-03-13 04:28 . 2011-03-15 15:24 23040 ----a-w- c:\windows\system32\jddac.dll

2011-03-13 04:28 . 2011-03-15 15:24 22016 ----a-w- c:\windows\system32\jdnat.dll

2011-03-13 02:30 . 2011-03-13 02:30 9216 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe

2011-03-12 12:03 . 2011-04-27 20:04 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-12 11:31 . 2011-04-27 20:04 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-03-11 08:54 . 2010-11-05 17:42 97928 ----a-w- c:\windows\system32\IncContxMenu.dll

2011-03-11 08:53 . 2010-11-05 17:42 14848 ----a-w- c:\windows\system32\smrgdf.exe

2011-03-11 08:53 . 2010-11-05 17:42 45568 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-03-11 06:23 . 2011-04-27 20:06 187264 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 06:23 . 2011-04-27 20:06 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 06:23 . 2011-04-27 20:06 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 06:23 . 2011-04-27 20:06 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 06:23 . 2011-04-27 20:06 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 06:22 . 2011-04-27 20:06 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 06:22 . 2011-04-27 20:06 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-17 160328]

"RocketDock"="c:\program files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]

"DeskSlide"="c:\program files (x86)\DeskSlide\DeskSlide.exe" [2008-01-28 806912]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-27 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 874624]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-31 273544]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

"NoStartMenuMyGames"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2010-11-23 21:38 539952 ----a-w- c:\program files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R1 ElRawDisk;ElRawDisk; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]

R3 MatSvc;MatSvc;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]

R3 pwdrvio;pwdrvio; [x]

R3 pwdspio;pwdspio; [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]

S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys [2010-10-27 54864]

S1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2010-10-27 54896]

S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys [2010-10-27 37872]

S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-01-11 468096]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-05-25 376352]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ioloSGuardDriver

*Deregistered* - NisDrv

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 06:27]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 06:27]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-08 2328944]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://yahoo.ca/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile=NOTEPAD.EXE %1

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

SharedTaskScheduler-{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4111735249-205797063-2203002407-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4111735249-205797063-2203002407-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-31 23:08:46

ComboFix-quarantined-files.txt 2011-06-01 06:08

.

Pre-Run: 66,181,128,192 bytes free

Post-Run: 66,087,981,056 bytes free

.

- - End Of File - - 15B2279C528088BC8AF863192E38B0E5


sorry, got this up before, didn't press post

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6691

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

31/05/2011 6:02:38 PM

mbam-log-2011-05-31 (18-02-38).txt

Scan type: Quick scan

Objects scanned: 171283

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Home at 23:17:48 on 2011-05-31

Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3037.1353 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Soluto\soluto.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\DeskSlide\DeskSlide.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe

C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Home\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.ca/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [RocketDock] "C:\Program Files (x86)\CustoPackTools\utils\RocketDock\RocketDock.exe"

uRun: [DeskSlide] C:\Program Files (x86)\DeskSlide\DeskSlide.exe -logon -hide

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

uPolicies-explorer: NoChangeAnimation = 0 (0x0)

uPolicies-explorer: NoDFSTab = 0 (0x0)

uPolicies-explorer: NoFileAssociate = 0 (0x0)

uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

mPolicies-explorer: NoSMMyPictures = 0 (0x0)

mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-ca/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

STS: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2010-11-29 54864]

R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2010-11-29 54896]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2010-11-29 37872]

R2 GenieTimelineService;Genie Timeline Service;C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-1-11 468096]

R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-3-15 724152]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-3-15 724152]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-5-24 376352]

R3 OAnet;OnlineArmor Service;C:\Windows\system32\DRIVERS\oanet.sys --> C:\Windows\system32\DRIVERS\oanet.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-7 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-7 8456]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]

S3 MatSvc;MatSvc;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile=NOTEPAD.EXE %1

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-06-01 06:17:48 -------- d-----w- C:\ProgramData\AppData

2011-06-01 05:55:18 98816 ----a-w- C:\Windows\sed.exe

2011-06-01 05:55:18 518144 ----a-w- C:\Windows\SWREG.exe

2011-06-01 05:55:18 256512 ----a-w- C:\Windows\PEV.exe

2011-06-01 05:55:18 208896 ----a-w- C:\Windows\MBR.exe

2011-05-31 16:06:29 -------- d-----w- C:\Program Files\ITknowledge24

2011-05-31 12:39:24 -------- d-----w- C:\Program Files (x86)\Common Files\Chameleon Manager

2011-05-31 12:39:22 -------- d-----w- C:\Program Files (x86)\Chameleon Task Manager 3

2011-05-31 12:35:54 -------- d-----w- C:\Users\Home\AppData\Roaming\Win7codecs

2011-05-31 06:26:48 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-05-31 06:26:48 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-05-31 03:29:02 -------- d-----w- C:\Program Files (x86)\Win7codecs

2011-05-29 01:41:38 -------- d-----w- C:\Users\Home\AppData\Local\Four13_Designs

2011-05-28 00:00:31 -------- d-----w- C:\ProgramData\Symantec

2011-05-28 00:00:24 -------- d-----w- C:\ProgramData\Norton

2011-05-28 00:00:22 -------- d-----w- C:\ProgramData\NortonInstaller

2011-05-27 22:50:19 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-05-26 04:10:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys

2011-05-26 04:10:11 -------- d-----w- C:\Program Files\Soluto

2011-05-26 04:08:53 -------- d-----w- C:\ProgramData\Soluto

2011-05-25 11:42:33 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-05-24 03:14:19 32768 ----a-w- C:\Windows\SysWow64\svcmgr.ocx

2011-05-24 03:14:19 -------- d-----w- C:\Program Files\RefreshPC

2011-05-24 02:26:45 -------- d-----w- C:\Users\Home\AppData\Roaming\PCF-VLC

2011-05-24 02:25:19 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar

2011-05-24 02:25:17 -------- d-----w- C:\Users\Home\AppData\Roaming\Participatory Culture Foundation

2011-05-24 02:24:35 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation

2011-05-23 05:44:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-22 23:30:28 -------- d-----w- C:\Windows\System32\SPReview

2011-05-20 16:37:08 -------- d-----w- C:\Program Files (x86)\Auslogics

2011-05-20 03:16:39 -------- d-----w- C:\Windows\$regcmp$

2011-05-20 01:18:54 716058 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\Analyzed\unins000.exe

2011-05-20 01:18:54 184320 ----a-w- C:\Program Files (x86)\Windows Media Player\Visualizations\Analyzed\Analyzed.dll

2011-05-18 00:39:43 -------- d-----w- C:\Users\Home\AppData\Roaming\QuickScan

2011-05-17 22:16:43 -------- d-----w- C:\Users\Home\AppData\Roaming\Malwarebytes

2011-05-17 22:16:28 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-17 22:16:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-16 06:33:21 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-05-14 14:49:39 -------- d-----w- C:\Users\Home\AppData\Local\RadioSure

2011-05-14 02:08:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 16:58:12 2785280 ----a-w- C:\Windows\SysWow64\x264vfw.dll

2011-05-13 14:44:37 -------- d-----w- C:\Users\Home\AppData\Roaming\DeskSlide

2011-05-13 14:44:32 -------- d-----w- C:\Program Files (x86)\DeskSlide

2011-05-12 19:53:30 147456 ----a-w- C:\Windows\SysWow64\lagarith.dll

2011-05-12 18:41:39 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-12 18:41:39 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-11 17:04:13 -------- d-----w- C:\Users\Home\AppData\Local\Easy Clone Detective

2011-05-11 01:43:05 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-05-11 01:43:04 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-05-11 01:43:04 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-05-11 01:42:59 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-05-11 01:42:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2011-05-11 01:42:59 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-05-11 01:42:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-05-11 01:42:59 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys

2011-05-11 01:42:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2011-05-11 01:42:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2011-05-10 12:18:45 -------- d-----w- C:\Windows\uninstall

2011-05-10 03:28:56 -------- d-----w- C:\Users\Home\AppData\Roaming\Auslogics

2011-05-09 14:42:58 6729728 ----a-w- C:\Windows\System32\TunerFreeMCE_4_4_7.msi

2011-05-05 00:51:11 2870272 ----a-w- C:\Windows\explorer.exe

2011-05-05 00:51:09 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll

2011-05-05 00:51:09 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-05-05 00:51:07 1792000 ----a-w- C:\Windows\SysWow64\authui.dll

2011-05-05 00:51:06 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup

2011-05-05 00:51:06 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup

.

==================== Find3M ====================

.

2011-04-26 05:14:06 61440 ----a-w- C:\Windows\SysWow64\AxInterop.WMPLib.dll

2011-04-26 05:14:06 339968 ----a-w- C:\Windows\SysWow64\Interop.WMPLib.dll

2011-04-26 05:14:06 182272 ----a-w- C:\Windows\SysWow64\W8ClockSettings.exe

2011-04-26 05:14:06 181760 ----a-w- C:\Windows\SysWow64\W8Clock.scr

2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-04-12 20:01:38 52632 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2011-04-12 02:09:18 73216 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-04-10 12:43:26 1197568 ----a-w- C:\Windows\SysWow64\VSFilter.dll

2011-04-09 06:00:34 465920 ----a-w- C:\Windows\System32\itpcoin815.dll

2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-04-02 12:53:59 14 ----a-w- C:\Windows\SysWow64\Systemdrv.sys

2011-03-31 01:53:18 8335360 ----a-w- C:\Windows\System32\7CMenuBG.dll

2011-03-26 03:04:46 2926208 ----a-w- C:\Windows\System32\BootMan.exe

2011-03-26 03:04:16 18048 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2011-03-26 03:03:44 2340992 ----a-w- C:\Windows\SysWow64\BootMan.exe

2011-03-24 17:57:54 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2011-03-24 17:57:54 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2011-03-24 17:57:54 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2011-03-24 17:57:54 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2011-03-24 17:57:54 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2011-03-24 17:57:54 11264 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2011-03-24 17:57:54 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2011-03-22 20:47:36 111562752 ----a-w- C:\Program Files\PM11_Pers_full_ea_x64.msi

2011-03-22 20:47:36 111562752 ----a-w- C:\PM11_Pers_full_ea_x64.msi

2011-03-21 20:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-03-21 20:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-03-21 20:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-03-21 16:58:04 152064 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-03-20 20:38:58 344064 ----a-w- C:\Windows\SysWow64\AACACM.acm

2011-03-20 04:00:38 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2011-03-19 18:06:02 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2011-03-19 18:04:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2011-03-13 04:28:36 8192 ----a-w- C:\Windows\System32\jdboot.exe

2011-03-13 04:28:36 37248 ----a-w- C:\Windows\System32\drivers\jddrv.sys

2011-03-13 04:28:36 23040 ----a-w- C:\Windows\System32\jddac.dll

2011-03-13 04:28:36 22016 ----a-w- C:\Windows\System32\jdnat.dll

2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-11 08:54:14 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll

2011-03-11 08:53:32 14848 ----a-w- C:\Windows\System32\smrgdf.exe

2011-03-11 08:53:28 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe

2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-06 20:08:10 795648 ----a-w- C:\Windows\System32\Computer Customizer.exe

2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-08-03 19:41:35 81408 ----a-w- C:\Program Files (x86)\taskkill.exe

.

============= FINISH: 23:18:14.17 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Results of screen317's Security Check version 0.99.12

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

iolo technologies' System Mechanic

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.152.26

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

system32 ioloServiceManager.exe -?-

``````````End of Log````````````

ESET scanner found 3 infections in my external hard drive. I'm going to format that drive as there are files on it that I don't want backed up. Otherwise, PC runs well; voice command malware is gone, thank you. I've been scanning with MBAM about every three days, and each time finding the same two infections, as you probably know, the corrupt registry data. A clean install of Windows seems to be in order. Thanks for your help and patience.

-Don


  • Staff

Hi,

Update MBAM, run a Quick Scan, and post its log.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6805

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

07/06/2011 10:24:11 PM

mbam-log-2011-06-07 (22-24-11).txt

Scan type: Quick scan

Objects scanned: 180569

Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Have MBAM ignore those; they're set by your Iolo software.

If there are no further issues, I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317
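The two MBAM detections above are shell-open commands for .scr and .reg files that have been pointed at Notepad instead of their normal handlers, and the DDS "File Associations" section earlier in the thread shows the same pattern for JSEFile. The script below is an added example (not code from the thread, from Malwarebytes or from DDS): it parses those two log formats and compares each open command with a known-good default, so a responder can see at a glance which associations were redirected and which are normal. The scrfile and regfile defaults are the "Good:" values MBAM printed; the txtfile, inifile and JSEFile defaults are standard Windows values that I supply here, not values from the thread. Treating SysWow64 and system32 as equivalent is an assumption of the script, made so the 32-bit Notepad path DDS prints on x64 compares equal to the default. The script only reads log text; it does not touch the registry.

```python
# Added example: audit shell-open commands from DDS "File Associations" lines
# and MBAM "Registry Data Items Infected" lines against known-good defaults.
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# Known-good open commands. scrfile and regfile are the "Good:" values from the
# MBAM log in this thread; txtfile/inifile (Notepad) and JSEFile (Windows Script
# Host) are standard Windows defaults supplied here, not taken from the thread.
# Anything not listed is reported as "unknown", never guessed.
EXPECTED: Dict[str, str] = {
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
    "txtfile": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    "inifile": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    "JSEFile": r'"%SystemRoot%\System32\WScript.exe" "%1" %*',
}


class Finding(NamedTuple):
    progid: str
    command: str            # the command actually in place
    verdict: str            # "ok", "redirected" or "unknown"
    expected: Optional[str]


def normalize(cmd: str) -> str:
    """Case-fold, collapse whitespace and treat SysWow64 as system32 (assumption:
    the 32-bit Notepad path DDS prints on x64 is equivalent to the default)."""
    return re.sub(r"\s+", " ", cmd.strip()).lower().replace("syswow64", "system32")


def classify(progid: str, command: str) -> Finding:
    """Compare one open command with the known-good default for its ProgID."""
    expected = EXPECTED.get(progid)
    if expected is None:
        return Finding(progid, command, "unknown", None)
    verdict = "ok" if normalize(command) == normalize(expected) else "redirected"
    return Finding(progid, command, verdict, expected)


# DDS "File Associations" line: <progid>=<open command>
DDS_LINE = re.compile(r"^(?P<progid>[A-Za-z0-9_.]+)=(?P<cmd>.+)$")

# MBAM "Registry Data Items Infected" line for a shell\open\command default value
MBAM_LINE = re.compile(
    r"HKEY_CLASSES_ROOT\\(?P<progid>[^\\]+)\\shell\\open\\command\\\(default\)"
    r" \((?P<sig>[^)]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->"
)


def parse_dds_associations(lines: Iterable[str]) -> List[Finding]:
    """Classify every ProgID=command line from a DDS File Associations block."""
    out: List[Finding] = []
    for line in lines:
        m = DDS_LINE.match(line.strip())
        if m:
            out.append(classify(m["progid"], m["cmd"]))
    return out


def parse_mbam_registry_data(lines: Iterable[str]) -> List[Finding]:
    """MBAM already names the good value, so compare its Bad: value with that."""
    out: List[Finding] = []
    for line in lines:
        m = MBAM_LINE.search(line)
        if m:
            verdict = "ok" if normalize(m["bad"]) == normalize(m["good"]) else "redirected"
            out.append(Finding(m["progid"], m["bad"], verdict, m["good"]))
    return out


def audit(dds_lines: Iterable[str], mbam_lines: Iterable[str]) -> Dict[str, str]:
    """Return {progid: verdict}; a redirect reported by either tool wins."""
    verdicts: Dict[str, str] = {}
    for f in parse_dds_associations(dds_lines) + parse_mbam_registry_data(mbam_lines):
        if f.verdict == "redirected" or f.progid not in verdicts:
            verdicts[f.progid] = f.verdict
    return verdicts


# Sample input copied from the DDS and MBAM logs posted in this thread.
SAMPLE_DDS = [
    r"inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1",
    r"JSEFile=NOTEPAD.EXE %1",
    r"txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1",
]
SAMPLE_MBAM = [
    r'HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.',
    r'HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.',
]

if __name__ == "__main__":
    for progid, verdict in sorted(audit(SAMPLE_DDS, SAMPLE_MBAM).items()):
        print(f"{progid:8s} {verdict}")
```

Run against the thread's own log lines, txtfile and inifile come back "ok" (Notepad is their normal handler), while scrfile, regfile and JSEFile come back "redirected". That split is the point: a Notepad association is only a finding when the file type is one that should run or import, which is why MBAM names the scrfile and regfile entries Broken.OpenCommand and leaves the text types alone. Whether a redirect is hostile or a deliberate hardening setting by a utility such as the Iolo software screen317 mentions is a judgement the responder still has to make; the script only surfaces the deviation.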


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.