
Hi there, I need assistance removing a possible TDSS rootkit from my computer. I have a Pavilion dm4-1253cl laptop running 64-bit Windows 7.

I've tried running so many antivirus/antimalware programs, including Avast, Malwarebytes, AVG, TDSSKiller, and Dr.Web CureIt!, and nothing is ever found. Whenever I try to search in IE, Firefox and Chrome, the links that I click on redirect me to different websites, and sometimes I'm randomly redirected while I'm on a webpage. Please help!


Hi Caitlin,

Welcome to the Malwarebytes Forum :)

Step #1

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click Scan

On completion of the scan, click the Fix for TDL4 or FIXMBR for Whistler button, as appropriate.

Save the log as before and post it in your next reply.

Step #2

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

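Step #1 above has aswMBR scan the master boot record and then offers a one-click fix. aswMBR also drops the raw sector to MBR.dat on the desktop, and that file is worth looking at before fixing anything: aswMBR names the loader it recognises ("Windows 7 default MBR code") or the infection it matches, and "unknown MBR code" is neither, which is as consistent with an OEM recovery loader as with a bootkit. The following is an added example, not part of this thread and not aswMBR's or ComboFix's code. It parses a 512-byte MBR, checks the 0x55AA signature, hashes the 446-byte boot code against an allowlist the analyst maintains, sanity-checks the partition table, and measures the unallocated space after the last partition, where TDL4 kept its hidden file system. The allowlist, the boot code and the partition layouts here are constructed (the disk size is the 476940 MB from the log); real known-good hashes would be taken from install media or an identical clean machine.

```python
"""Inspect a raw 512-byte MBR, e.g. the MBR.dat aswMBR writes to the desktop,
before deciding whether a 'fix MBR' is warranted."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # offsets 0x000-0x1BD: the bootstrap code a bootkit replaces
PT_OFFSET = 0x1BE          # four 16-byte partition entries
SIG_OFFSET = 0x1FE         # boot signature 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partitions(mbr):
    """Return the four partition-table entries as dicts; type 0 means unused."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + 16 * i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def analyse_mbr(mbr, known_boot_hashes, disk_sectors=None, tail_warn_sectors=2048):
    """Return a list of human-readable findings; an empty list means nothing stood out.

    known_boot_hashes: SHA-256 hex digests of boot code the analyst trusts. An
    unlisted hash is 'unknown', exactly as aswMBR reports it: a prompt to compare
    the code, not a verdict, since OEM recovery loaders are unlisted too.
    disk_sectors: total sectors on the disk, so space after the last partition
    (where TDL4 stored its hidden file system) can be measured.
    """
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if boot_hash not in known_boot_hashes:
        findings.append(f"unknown boot code, sha256 {boot_hash}")
    parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partition entries overlap at LBA {start_b}")
    if disk_sectors is not None and spans:
        tail = disk_sectors - max(end for _, end in spans)
        if tail > tail_warn_sectors:
            findings.append(f"{tail} sectors ({tail * SECTOR // 2**20} MiB) unallocated after the last partition")
    return findings


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (active, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    mbr[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


# Constructed sample data (not real boot code, not taken from the posted logs).
# KNOWN_BOOT_CODE stands in for code whose hash was collected from trusted media.
KNOWN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
FOREIGN_BOOT_CODE = b"\xeb\x1c" + b"\xcc" * (BOOT_CODE_LEN - 2)
KNOWN_BOOT_HASHES = {hashlib.sha256(KNOWN_BOOT_CODE).hexdigest()}
DISK_SECTORS = 476940 * 2 ** 20 // SECTOR   # the 476940 MB disk from the aswMBR log
BOOT_PART = (True, 0x07, 2048, 409600)      # 200 MiB active NTFS partition
CLEAN_MBR = build_mbr(KNOWN_BOOT_CODE,
                      [BOOT_PART, (False, 0x07, 411648, DISK_SECTORS - 411648 - 1024)])
SUSPECT_MBR = build_mbr(FOREIGN_BOOT_CODE,
                        [BOOT_PART, (False, 0x07, 411648, DISK_SECTORS - 411648 - 32768)])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                    # e.g. python mbr_check.py MBR.dat
        with open(sys.argv[1], "rb") as fh:
            data, total = fh.read(), None    # disk size unknown from the file alone
    else:
        data, total = SUSPECT_MBR, DISK_SECTORS
    for line in analyse_mbr(data, KNOWN_BOOT_HASHES, total) or ["no findings"]:
        print(line)
```

Run without arguments it analyses the constructed suspect sector and reports the unknown boot code plus the 16 MiB tail; pointed at a real MBR.dat it reports only what can be read from the sector itself, and the tail check needs the disk's sector count passed in. A "fix MBR" rewrites only the boot code, so the partition-table and tail findings stay useful after the fix for deciding whether anything else on the disk needs attention.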

Attached are the aswMBR and ComboFix logs.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-21 17:56:57

-----------------------------

17:56:57.401 OS Version: Windows x64 6.1.7600

17:56:57.401 Number of processors: 4 586 0x2505

17:56:57.402 ComputerName: CAITLIN-HP UserName: Caitlin

17:56:58.920 Initialize success

17:57:13.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:57:13.919 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3

17:57:13.951 Disk 0 MBR read successfully

17:57:13.956 Disk 0 MBR scan

17:57:13.960 Disk 0 unknown MBR code

17:57:13.964 Service scanning

17:57:14.939 Disk 0 trace - called modules:

17:57:14.973 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll

17:57:14.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ba3060]

17:57:14.984 3 CLASSPNP.SYS[fffff88001b2843f] -> nt!IofCallDriver -> [0xfffffa8006a04b10]

17:57:14.989 5 hpdskflt.sys[fffff88001acf289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068a3050]

17:57:14.995 Scan finished successfully

17:58:20.925 Disk 0 MBR has been saved successfully to "C:\Users\Caitlin\Desktop\MBR.dat"

17:58:20.926 The log file has been saved successfully to "C:\Users\Caitlin\Desktop\aswMBR.txt"

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-21 18:37:59

-----------------------------

18:37:59.493 OS Version: Windows x64 6.1.7600

18:37:59.493 Number of processors: 4 586 0x2505

18:37:59.493 ComputerName: CAITLIN-HP UserName: Caitlin

18:38:01.537 Initialize success

18:38:04.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:38:04.360 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3

18:38:04.376 Disk 0 MBR read successfully

18:38:04.376 Disk 0 MBR scan

18:38:04.392 Disk 0 unknown MBR code

18:38:04.392 Service scanning

18:38:08.650 Disk 0 trace - called modules:

18:38:08.666 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll

18:38:08.666 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b71060]

18:38:08.682 3 CLASSPNP.SYS[fffff88001a8943f] -> nt!IofCallDriver -> [0xfffffa80069ecb10]

18:38:08.682 5 hpdskflt.sys[fffff880017f3289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800687b050]

18:38:08.697 Scan finished successfully

18:38:17.293 Disk 0 MBR has been saved successfully to "C:\Users\Caitlin\Desktop\MBR.dat"

18:38:17.308 The log file has been saved successfully to "C:\Users\Caitlin\Desktop\aswMBR.txt"

ComboFix 11-05-21.03 - Caitlin 05/21/2011 18:42:54.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.4378 [GMT -7:00]

Running from: c:\users\Caitlin\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))

.

.

2011-05-22 01:47 . 2011-05-22 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-21 22:38 . 2011-05-21 22:38 -------- d-----w- c:\users\Caitlin\AppData\Local\HuluDesktop

2011-05-21 22:16 . 2011-05-21 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-05-21 22:16 . 2011-05-21 22:16 0 ----a-w- c:\windows\SysWow64\RENB28.tmp

2011-05-21 22:16 . 2011-05-21 22:16 0 ----a-w- c:\windows\SysWow64\RENB27.tmp

2011-05-21 22:16 . 2011-05-21 22:16 0 ----a-w- c:\windows\SysWow64\RENB07.tmp

2011-05-21 22:16 . 2011-05-21 22:16 -------- d-----w- c:\program files (x86)\Java

2011-05-21 20:42 . 2011-05-21 22:50 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-21 20:42 . 2011-05-21 20:42 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-21 20:42 . 2011-05-21 20:42 -------- d-----w- c:\programdata\Hitman Pro

2011-05-21 17:14 . 2011-05-21 17:14 -------- d-----w- c:\users\Caitlin\AppData\Local\{C2D2DAD1-16B9-47D2-9096-9B1E23592E94}

2011-05-21 05:13 . 2011-05-21 05:14 -------- d-----w- c:\users\Caitlin\AppData\Local\{E77853B2-2BBD-489D-BB5E-1425A46F8FB6}

2011-05-20 16:51 . 2011-05-20 16:51 -------- d-----w- c:\users\Caitlin\AppData\Local\{52D7885F-7CC1-438F-ADFE-A934CCAC78E2}

2011-05-19 18:34 . 2011-05-19 18:34 -------- d-----w- c:\users\Caitlin\AppData\Local\{FC1C41A3-8F28-4B56-AF45-8EC02F6DB987}

2011-05-19 05:58 . 2011-05-19 05:58 -------- d-----w- c:\users\Caitlin\AppData\Local\{439104B5-1932-45A0-8B17-E363FF8BF2C0}

2011-05-18 16:23 . 2011-05-18 16:23 -------- d-----w- c:\users\Caitlin\AppData\Local\{67A9981E-438A-4E72-BC9F-FE385098FEAD}

2011-05-18 04:23 . 2011-05-18 04:23 -------- d-----w- c:\users\Caitlin\AppData\Local\{0BC71410-8AD6-4222-A17B-67FA77FC7CA6}

2011-05-17 16:23 . 2011-05-17 16:23 -------- d-----w- c:\users\Caitlin\AppData\Local\{307ADEF4-F2A5-404F-868B-EBCA181820EA}

2011-05-17 04:22 . 2011-05-17 04:22 -------- d-----w- c:\users\Caitlin\AppData\Local\{B0FF0DE8-E5B7-499A-946D-247795AA503D}

2011-05-16 17:36 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL

2011-05-16 15:10 . 2011-05-16 15:10 -------- d-----w- c:\users\Caitlin\AppData\Local\{40B7FC7B-D313-4639-886A-C759336DD5F8}

2011-05-15 18:49 . 2011-05-15 18:49 -------- d-----w- c:\users\Caitlin\AppData\Local\{6DA0A343-266D-467C-BF17-95C243618078}

2011-05-15 04:32 . 2011-05-15 04:32 -------- d-----w- c:\users\Caitlin\AppData\Local\{2E92A769-55A2-488E-A66D-CF9952DA2184}

2011-05-14 16:32 . 2011-05-14 16:32 -------- d-----w- c:\users\Caitlin\AppData\Local\{66536EB6-A4A4-40AA-B28F-5F13DF17EFC0}

2011-05-13 17:44 . 2011-05-13 17:44 -------- d-----w- c:\users\Caitlin\AppData\Local\{14B6D2EE-D893-45FF-B8E8-635622FBCA71}

2011-05-13 00:50 . 2011-05-13 00:50 -------- d-----w- c:\users\Caitlin\AppData\Local\{94E0AD7B-D408-4D6A-ADCF-D3BB518031B2}

2011-05-12 05:20 . 2011-05-12 05:21 -------- d-----w- c:\users\Caitlin\AppData\Local\{FD554BF7-B47F-43D1-82A7-6E95AD49AF5F}

2011-05-12 01:51 . 2011-05-12 01:51 -------- d-----w- c:\users\Caitlin\AppData\Local\Windows Live Writer

2011-05-12 01:51 . 2011-05-12 01:51 -------- d-----w- c:\users\Caitlin\AppData\Roaming\Windows Live Writer

2011-05-11 15:34 . 2011-05-11 15:34 -------- d-----w- c:\users\Caitlin\AppData\Local\{BD4D48D1-A37A-45C5-ACDC-F0D285BD2CE2}

2011-05-11 03:35 . 2011-05-11 03:35 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-11 03:35 . 2011-05-11 03:35 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-11 03:35 . 2011-05-11 03:35 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 03:35 . 2011-05-11 03:35 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 03:35 . 2011-05-11 03:35 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 03:35 . 2011-05-11 03:35 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 03:35 . 2011-05-11 03:35 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-11 03:35 . 2011-05-11 03:35 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 03:35 . 2011-05-11 03:35 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 03:35 . 2011-05-11 03:35 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 03:35 . 2011-05-11 03:35 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 03:35 . 2011-05-11 03:35 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 03:34 . 2011-05-11 03:34 -------- d-----w- c:\users\Caitlin\AppData\Local\{2F74D21C-F5FC-433E-A2C6-7085DE3D892B}

2011-05-10 22:56 . 2011-05-10 22:56 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-05-10 22:56 . 2011-05-10 22:56 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-10 22:56 . 2011-05-10 22:56 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-10 22:56 . 2011-05-10 22:56 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-10 22:56 . 2011-05-10 22:56 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-10 22:56 . 2011-05-10 22:56 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-10 22:56 . 2011-05-10 22:56 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-10 22:56 . 2011-05-10 22:56 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-10 14:40 . 2011-05-10 14:40 -------- d-----w- c:\users\Caitlin\AppData\Local\{22BAFEF1-7A34-41F3-B793-9727D4BA9995}

2011-05-09 17:04 . 2011-05-09 17:04 -------- d-----w- c:\users\Caitlin\AppData\Local\{1E6C57E5-CC72-41FF-A4B5-B2FA7561BA09}

2011-05-08 19:40 . 2011-05-08 19:40 -------- d-----w- c:\users\Caitlin\AppData\Local\{5129BF08-CA5A-4695-A550-690FBF135C63}

2011-05-08 07:40 . 2011-05-08 07:40 -------- d-----w- c:\users\Caitlin\AppData\Local\{A04B104F-D047-419A-9AC2-502CE2A38227}

2011-05-07 18:13 . 2011-05-07 18:13 -------- d-----w- c:\users\Caitlin\AppData\Local\{E42466C6-0892-49E8-89CB-A59A0C7A6744}

2011-05-06 19:28 . 2011-05-06 19:28 -------- d-----w- c:\users\Caitlin\AppData\Local\{E0F95732-21D0-4222-A5A1-E78DA4773404}

2011-05-06 05:44 . 2011-05-06 05:44 -------- d-----w- c:\users\Caitlin\AppData\Local\{B456C202-0B37-46DD-B73A-DA17A0CA77D0}

2011-05-05 17:44 . 2011-05-05 17:44 -------- d-----w- c:\users\Caitlin\AppData\Local\{525F1091-F429-420F-87C6-B641033705C8}

2011-05-04 18:42 . 2011-05-04 18:42 -------- d-----w- c:\users\Caitlin\AppData\Local\{D22AFA0E-99F0-4A66-8832-1E223CA8DD17}

2011-05-03 18:31 . 2011-05-03 18:31 -------- d-----w- c:\users\Caitlin\AppData\Local\{932E8EEF-96FB-4375-B34A-D830459CE5DE}

2011-05-02 20:28 . 2011-05-02 20:29 -------- d-----w- c:\users\Caitlin\AppData\Local\{0B370D2B-24D5-4EEC-861E-AA71F63CFB06}

2011-05-02 07:47 . 2011-05-02 07:48 -------- d-----w- c:\users\Caitlin\AppData\Local\{5BFDCB4A-725E-4ABD-94E3-4C07F05C04DF}

2011-05-01 19:47 . 2011-05-01 19:47 -------- d-----w- c:\users\Caitlin\AppData\Local\{B0E90CC5-9DFA-4071-8575-E69A228799D5}

2011-04-30 23:39 . 2011-04-30 23:47 -------- d-----w- c:\users\Caitlin\AppData\Local\Microsoft Games

2011-04-30 20:17 . 2011-04-30 20:17 -------- d-----w- c:\users\Caitlin\AppData\Local\{B116A80A-4045-4AB1-BA13-D11254A28BDD}

2011-04-30 08:17 . 2011-04-30 08:17 -------- d-----w- c:\users\Caitlin\AppData\Local\{4C2B990D-6BB2-43B2-B144-93D98DC4F1E9}

2011-04-29 18:57 . 2011-04-29 18:57 -------- d-----w- c:\users\Caitlin\AppData\Local\{FBEC5057-CDD9-4C75-BF35-78B4A3E27EF9}

2011-04-29 04:58 . 2011-04-29 04:58 -------- d-----w- c:\users\Caitlin\AppData\Local\{7ADDDD21-E037-496D-A198-2EA0708CBC41}

2011-04-28 16:25 . 2011-04-28 16:25 -------- d-----w- c:\users\Caitlin\AppData\Local\{AF8E3F93-E77F-47AA-8013-1ED2C01CE384}

2011-04-28 01:38 . 2011-04-28 01:38 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-04-28 01:38 . 2011-04-28 01:38 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-04-28 01:38 . 2011-04-28 01:38 2566144 ----a-w- c:\windows\system32\esent.dll

2011-04-28 01:38 . 2011-04-28 01:38 187264 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-28 01:38 . 2011-04-28 01:38 1686016 ----a-w- c:\windows\SysWow64\esent.dll

2011-04-28 01:38 . 2011-04-28 01:38 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-28 01:38 . 2011-04-28 01:38 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-28 01:38 . 2011-04-28 01:38 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-28 01:38 . 2011-04-28 01:38 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-28 01:38 . 2011-04-28 01:38 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-28 01:38 . 2011-04-28 01:38 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-28 01:14 . 2011-04-28 01:14 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-28 01:14 . 2011-04-28 01:14 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-04-28 01:13 . 2011-04-28 01:13 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-04-28 01:13 . 2011-04-28 01:13 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-28 01:13 . 2011-04-28 01:13 2870272 ----a-w- c:\windows\explorer.exe

2011-04-28 01:13 . 2011-04-28 01:13 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2011-04-27 20:32 . 2011-04-27 20:33 -------- d-----w- c:\users\Caitlin\AppData\Local\{052A0B51-7A9E-4306-8F45-E8D719AE1B8B}

2011-04-26 22:57 . 2011-05-18 23:02 -------- d-----w- c:\users\Caitlin\AppData\Roaming\FileZilla

2011-04-26 22:57 . 2011-04-26 22:57 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2011-04-26 19:57 . 2011-04-26 19:57 -------- d-----w- c:\users\Caitlin\AppData\Local\{78575842-97E9-460A-807C-788B01E68C17}

2011-04-26 07:57 . 2011-04-26 07:57 -------- d-----w- c:\users\Caitlin\AppData\Local\{3DA0E6E8-FB99-41F3-8093-5A532C687263}

2011-04-25 19:39 . 2011-04-25 19:40 -------- d-----w- c:\users\Caitlin\AppData\Local\{F21DE3FA-F422-4B73-BA78-C9CE3322AFF6}

2011-04-25 07:39 . 2011-04-25 07:39 -------- d-----w- c:\users\Caitlin\AppData\Local\{7FB6C398-C6DA-44B1-AE1B-3B36A767C5CE}

2011-04-25 07:17 . 2011-04-25 07:17 -------- d-----w- c:\program files (x86)\ESET

2011-04-24 19:39 . 2011-04-24 19:39 -------- d-----w- c:\users\Caitlin\AppData\Local\{0C76E028-EA68-491E-B4D1-5FC70F16C859}

2011-04-23 19:20 . 2011-04-23 19:21 -------- d-----w- c:\users\Caitlin\AppData\Local\{867C4097-4807-4EC5-96F1-4E8D0B24286F}

2011-04-23 07:00 . 2011-04-23 07:00 -------- d-----w- c:\users\Caitlin\AppData\Local\{3B5E8F86-89CD-4460-8AC6-4FC098DD0FE2}

2011-04-22 18:23 . 2011-04-22 18:24 -------- d-----w- c:\users\Caitlin\AppData\Local\{93AE1FEF-90A3-4A07-92A6-7470A4D820DA}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 12:10 . 2011-04-15 22:12 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-28 01:14 . 2011-04-28 01:14 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-04-28 01:14 . 2011-04-28 01:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-04-17 22:00 . 2011-04-17 22:00 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-17 22:00 . 2011-04-17 22:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-19 21:26 . 2011-03-19 21:26 651776 ------w- c:\windows\system32\stapi64.dll

2011-03-19 21:26 . 2011-03-19 21:26 520192 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2011-03-19 21:26 . 2011-03-19 21:26 431616 ----a-w- c:\windows\system32\stcplx64.dll

2011-03-19 21:26 . 2011-03-19 21:26 1499136 ----a-w- c:\windows\system32\stapo64.dll

2011-03-19 21:26 . 2011-02-12 05:49 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2011-03-19 21:26 . 2011-02-12 05:49 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2011-03-19 21:26 . 2011-02-12 05:49 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2011-03-19 21:26 . 2011-02-12 05:49 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2011-03-19 21:26 . 2011-02-12 05:49 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2011-03-19 21:26 . 2011-02-12 05:49 564224 ----a-w- c:\windows\system32\idt64mp1.exe

2011-03-19 21:26 . 2011-02-12 05:49 525312 ----a-w- c:\windows\sttray64.exe

2011-03-19 21:26 . 2011-02-12 05:49 4637184 ----a-w- c:\windows\system32\stlang64.dll

2011-03-19 21:26 . 2011-02-12 05:49 12896768 ----a-w- c:\windows\system32\idtcpl64.cpl

2011-03-19 21:26 . 2011-02-12 05:48 220160 ----a-w- c:\windows\system32\staco64.dll

2011-03-12 06:03 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-11 06:19 . 2011-04-15 19:26 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 06:19 . 2011-04-15 19:26 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40 . 2011-04-15 19:26 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-15 19:26 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-03-08 06:14 . 2011-04-15 19:26 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-15 19:26 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-03-03 06:17 . 2011-04-15 19:26 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-15 19:26 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-15 19:26 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-15 19:26 3133440 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 06:30 . 2011-04-15 19:27 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 06:29 . 2011-04-15 19:26 1197056 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 06:24 . 2011-04-15 19:26 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 05:32 . 2011-04-15 19:27 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-15 19:26 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-02-24 05:30 . 2011-04-15 19:26 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-02-24 05:05 . 2011-04-15 19:26 482816 ----a-w- c:\windows\system32\html.iec

2011-02-24 04:24 . 2011-04-15 19:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-24 04:23 . 2011-04-15 19:26 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-02-24 03:50 . 2011-04-15 19:26 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-02-23 17:34 . 2011-03-11 21:38 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FBB4434-C0EE-43E0-9F05-8A091D557A48}\mpengine.dll

2011-02-23 05:16 . 2011-04-15 19:26 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:16 . 2011-04-15 19:26 401920 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:15 . 2011-04-15 19:26 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:15 . 2011-04-15 19:26 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:15 . 2011-04-15 19:26 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:15 . 2011-04-15 19:26 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:15 . 2011-04-15 19:26 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-12 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-03-26 2084]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-28 284696]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]

"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-14 380272]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-03-26 2084]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 136176]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 Normandy;Normandy SR2; [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-19 89600]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-09-29 338208]

S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-14 697712]

S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-14 646000]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-28 13336]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 06:28]

.

2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 06:28]

.

2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613712434-1546203145-1127523726-1001Core.job

- c:\users\Caitlin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 01:33]

.

2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613712434-1546203145-1127523726-1001UA.job

- c:\users\Caitlin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 01:33]

.

2011-05-10 c:\windows\Tasks\HPCeeScheduleForCAITLIN-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2011-05-21 c:\windows\Tasks\HPCeeScheduleForCaitlin.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF20631.cfxxe" [X]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-09-08 324096]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-19 525312]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\uv11umij.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-05-21 18:55:46 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-22 01:55

.

Pre-Run: 403,497,213,952 bytes free

Post-Run: 402,848,387,072 bytes free

.

- - End Of File - - DB10F62179A3CEA1F089FF11FAA0F5FF

aswMBR.txt

ComboFix.txt


1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit Enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

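Steps 3 and 4 above can be checked and applied from a script. The following is an added example, not part of the helper's post or any Malwarebytes tool: it lists, for every IP-enabled adapter, which DNS servers were typed in by hand (registry value NameServer) versus handed out by the router (DhcpNameServer), and with -Fix returns the adapter to "obtain DNS automatically" and flushes the resolver cache. It uses WMI and the registry so it also runs on Windows 7 / PowerShell 2.0; the parameter name -Fix is an assumption of this example.

```powershell
<#
  Added example (not from the forum post). Audit manually set DNS servers on
  every active adapter and, with -Fix, reset them to DHCP and flush the cache.
  Run from an elevated PowerShell prompt when using -Fix.
#>
param([switch]$Fix)

$ifaceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
  ForEach-Object {
    # Per-interface TCP/IP settings live under the adapter's GUID (SettingID).
    $p = Get-ItemProperty -Path (Join-Path $ifaceKey $_.SettingID) -ErrorAction SilentlyContinue

    # NameServer is only populated when DNS servers were entered by hand;
    # DhcpNameServer holds what the router/ISP assigned. Compare DhcpDNS with
    # your router's address: a hijacked router can hand out rogue resolvers.
    $static = if ($p -and $p.NameServer)     { $p.NameServer }     else { "" }
    $dhcp   = if ($p -and $p.DhcpNameServer) { $p.DhcpNameServer } else { "" }
    $manual = ($static -ne "")

    if ($manual -and $Fix) {
        # Clearing the list puts the adapter back on DHCP-supplied DNS (step 3).
        $r = $_.SetDNSServerSearchOrder($null)
        if ($r.ReturnValue -ne 0) {
            Write-Warning ("DNS reset failed on {0}: code {1}" -f $_.Description, $r.ReturnValue)
        }
    }

    New-Object PSObject -Property @{
        Adapter   = $_.Description
        DhcpIP    = $_.DHCPEnabled
        ManualDNS = $static
        DhcpDNS   = $dhcp
        Flagged   = $manual
    }
  } | Format-Table Adapter, DhcpIP, ManualDNS, DhcpDNS, Flagged -AutoSize

if ($Fix) {
    # Step 4: drop cached answers so new lookups go to the restored resolvers.
    ipconfig /flushdns | Out-Null
}
```

Run it once without -Fix to see what is configured, then with -Fix after the router reset so the flushed cache is refilled from the restored resolvers.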

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member.

This applies only to the original topic starter. Everyone else please begin a New Topic.
