
Google redirect virus - fsharproj - Xul cache


Recommended Posts

So for a couple of weeks now I've had a redirect problem on my computer. Google will often redirect my searches to bogus websites. It seems to be linked to a "Xul cache" add-on. When I run an MBAM scan it comes up with fsharproj Trojan.BHO; when I remove it the problem goes away for a little bit, but it just reinstalls itself whenever I restart the computer.

Here's my most recent MBAM log:

Database version: 7259

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18702

7/23/2011 10:28:08 PM

mbam-log-2011-07-23 (22-28-08).txt

Scan type: Quick scan

Objects scanned: 177681

Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Chris at 22:34:26 on 2011-07-23

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:53253

BHO: {03e59477-3146-4489-9f07-181235cca9dd} - c:\windows\system32\atl32.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [updateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAyADgAMwAzADUANgA0ADgALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAE4AMQBGACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.901

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{1CE3C108-0C13-4CB0-809A-2F7F8B2AF7A1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{84519498-ADBA-447E-868F-7F02EE42FA54} : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{8C8F28CF-2B16-4D6B-8A5A-E672223BE1FC} : DhcpNameServer = 68.87.76.182 68.87.78.134

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\s053jk36.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfe4130&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53253

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-07-23 17:29:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-23 17:29:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 17:29:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-23 17:20:17 -------- d-----w- c:\programdata\Malwarebytes

2011-07-22 14:12:15 -------- d-----w- c:\program files\ESET

2011-07-22 02:26:43 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com

2011-07-22 02:24:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-21 01:56:59 568320 ----a-w- c:\windows\system32\yA

2011-07-21 01:56:59 568320 ----a-w- c:\windows\system32\msxml332.exe

2011-07-21 01:56:58 357376 ----a-w- c:\windows\system32\atl32.dll

2011-06-30 03:05:16 0 ---ha-w- c:\windows\system32\qwqvaffdmp.tmp

2011-06-26 05:50:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-26 05:50:52 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-07-24 03:38:05 16 ----a-w- c:\windows\system32\msvcsv60.dll

2011-06-23 01:18:29 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-06 17:27:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2007-07-22 15:24:56 19 ----a-w- c:\program files\run.bat

.

============= FINISH: 22:35:06.21 ===============

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-07-23 23:10:16

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084

Running: gmer.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kxldapoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Chris\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3212] ntdll.dll!LdrLoadDll 77B47933 5 Bytes JMP 00341410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!GetWindowInfo 77CF0560 5 Bytes JMP 68F45451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!SetWindowLongA 77CF0736 5 Bytes JMP 6912EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!SetWindowLongW 77CF1F35 5 Bytes JMP 6912ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4068] USER32.dll!TrackPopupMenu 77D01417 5 Bytes JMP 68F45A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747B7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747F98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747BD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747AF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747B7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747AE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747EB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747BD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747B012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747B0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747A71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7483D810] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747D75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747ADAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747A668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747A66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2552] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747B1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000007b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00265ea2cce5 (not active ControlSet)

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265ea2cce5

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00265ea2cce5 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Any help is appreciated, thank you.

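The DDS log in the post above carries the indicators that explain a redirect surviving an MBAM clean: the same loopback proxy (127.0.0.1:53253) is configured for Internet Explorer (ProxyServer) and for Firefox (network.proxy.http), a BHO with no display name points at c:\windows\system32\atl32.dll, AppInit_DLLs loads a DLL from the user-writable c:\programdata, and UAC is off (EnableLUA = 0). The triage script below is an added example, not code from the thread or from the DDS tool: it runs those checks over DDS-style lines and correlates the two browsers' proxy settings. The sample is a constructed excerpt of the posted log, and the rule names are this example's own.

```python
"""Flag redirect-hijack indicators in DDS 'Pseudo HJT Report' / Firefox lines.
Added example, not part of the original post or of the DDS tool; the rules are
this example's own heuristics and SAMPLE_LOG is a constructed excerpt of the log."""
import re

SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53253
BHO: {03e59477-3146-4489-9f07-181235cca9dd} - c:\windows\system32\atl32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\programdata\atl32.dll, c:\programdata\atl32.dll, c:\programdata\atl32.dll
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53253
FF - prefs.js: network.proxy.type - 4
"""

LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)$", re.I)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$", re.I)
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s*(?P<guid>\{[0-9a-f-]{36}\})\s*-\s*(?P<path>.+)$", re.I)
LUA_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)", re.I)
FFPROXY_RE = re.compile(r"^FF - prefs\.js:\s*network\.proxy\.(http_port|http|type)\s*-\s*(\S+)$", re.I)


def find_indicators(log_text):
    """Return (rule, detail) pairs in the order the evidence appears in the log."""
    hits = []
    ff = {}  # Firefox network.proxy.* values seen so far
    for line in (l.strip() for l in log_text.splitlines()):
        if m := PROXY_RE.match(line):
            # WinINet proxy, honoured by IE and anything using the system proxy.
            # Entries look like "http=host:port;https=host:port". A loopback
            # proxy means something on this machine sits between browser and web.
            for entry in m.group(1).split(";"):
                hostport = entry.split("=", 1)[-1].strip()
                host, _, port = hostport.rpartition(":")
                if LOOPBACK.match(host or hostport):
                    hits.append(("wininet_loopback_proxy", f"{host or hostport}:{port or '?'}"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is mapped into every process that loads user32.dll;
            # a DLL under ProgramData (user-writable) is not where Windows keeps its own.
            dlls = [d.strip() for d in m.group(1).split(",") if d.strip()]
            for dll in sorted(set(dlls), key=str.lower):
                hits.append(("appinit_dll", f"{dll} (listed {dlls.count(dll)}x)"))
        elif m := BHO_RE.match(line):
            # DDS prints a display name for known BHOs; an entry with no name
            # but a DLL present on disk deserves a look.
            if not m["name"].strip(": ") and m["path"].strip().lower() != "no file":
                hits.append(("unnamed_bho", f"{m['guid']} -> {m['path']}"))
        elif m := LUA_RE.match(line):
            if m.group(1) == "0":
                hits.append(("uac_disabled", line))
        elif m := FFPROXY_RE.match(line):
            ff[m.group(1).lower()] = m.group(2)
    if LOOPBACK.match(ff.get("http", "")):
        hits.append(("firefox_loopback_proxy",
                     f"{ff['http']}:{ff.get('http_port', '?')} (network.proxy.type={ff.get('type', '?')})"))
        wininet_ports = {d.rsplit(":", 1)[-1] for r, d in hits if r == "wininet_loopback_proxy"}
        if ff.get("http_port") in wininet_ports:
            # Both browsers steered through one local port: the interception is
            # a listener on the host, not a single browser's add-on.
            hits.append(("shared_local_listener", f"{ff['http']}:{ff['http_port']}"))
    return hits


if __name__ == "__main__":
    for rule, detail in find_indicators(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```

The last check is the one worth acting on: when IE and Firefox both point at the same loopback port, resetting one browser's proxy settings will not stop the redirects, and the AppInit_DLLs entry and the unnamed BHO are the places to look for whatever re-creates them after a reboot.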

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


New MBAM scan log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7306

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18702

7/27/2011 10:50:13 PM

mbam-log-2011-07-27 (22-50-13).txt

Scan type: Quick scan

Objects scanned: 181195

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

New DDS log:

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Chris at 22:51:04 on 2011-07-27

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:53253

BHO: {03e59477-3146-4489-9f07-181235cca9dd} - c:\windows\system32\atl32.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [updateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAyADgAMwAzADUANgA0ADgALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAE4AMQBGACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.901

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{1CE3C108-0C13-4CB0-809A-2F7F8B2AF7A1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{84519498-ADBA-447E-868F-7F02EE42FA54} : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{8C8F28CF-2B16-4D6B-8A5A-E672223BE1FC} : DhcpNameServer = 192.168.227.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\s053jk36.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfe4130&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53253

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-07-28 05:26:31 0 ---ha-w- c:\users\chris\qwqvaffdmp.tmp

2011-07-28 05:24:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-28 05:24:57 -------- d-----w- c:\users\chris\appdata\local\temp

2011-07-28 05:12:20 -------- d-----w- C:\ComboFix

2011-07-28 01:08:39 253336 ----a-w- c:\users\chris\appdata\roaming\microsoft\identitycrl\ppcrlui.dll

2011-07-28 01:08:37 14744 ----a-w- c:\users\chris\appdata\roaming\microsoft\identitycrl\ppcrlconfig.dll

2011-07-27 03:59:24 -------- d-----w- c:\users\chris\riotsGamesLogs

2011-07-27 02:05:28 -------- d-----w- c:\programdata\id Software

2011-07-24 14:56:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-23 17:29:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-23 17:29:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 17:29:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-23 17:20:17 -------- d-----w- c:\programdata\Malwarebytes

2011-07-22 14:12:15 -------- d-----w- c:\program files\ESET

2011-07-22 02:26:43 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com

2011-07-22 02:24:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-21 01:56:59 568320 ----a-w- c:\windows\system32\yA

2011-07-21 01:56:59 568320 ----a-w- c:\windows\system32\msxml332.exe

2011-07-21 01:56:58 357376 ----a-w- c:\windows\system32\atl32.dll

2011-06-30 03:05:16 0 ---ha-w- c:\windows\system32\qwqvaffdmp.tmp

.

==================== Find3M ====================

.

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

2011-06-23 01:18:29 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-06 17:27:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2007-07-22 15:24:56 19 ----a-w- c:\program files\run.bat

.

============= FINISH: 22:51:34.03 ===============

ComboFix log is attached.

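The ComboFix log in the next post lists the "Xul cache" extension under the user's Firefox profile and, under fresh GUIDs, a dozen more copies in the Firefox profile belonging to the SYSTEM account (c:\windows\system32\config\systemprofile\...), each with the same chrome\xulcache.jar and defaults\preferences\xulcache.js. The script below is an added example, not code from the thread or from ComboFix: it triages Firefox profile directories for that pattern by grouping extension folders by the hash of their chrome jar (one payload re-registered under many IDs), flagging any that live under the SYSTEM profile, and reading each extension's default preference file for proxy or search settings. The profile tree it builds is constructed; the GUIDs are taken from the log, and the preference contents written into the constructed xulcache.js are hypothetical (the log shows the proxy prefs in prefs.js, not what wrote them).

```python
"""Triage Firefox extension folders for the pattern in the ComboFix log.
Added example, not part of the thread or of ComboFix. The profile tree built by
build_sample_tree() is constructed; its file contents are hypothetical."""
import hashlib
import os
import re
import tempfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"
# Preferences an add-on's default-prefs file has no business forcing on the browser.
HIJACK_PREFS = re.compile(r'pref\("(network\.proxy\.[\w.]+|keyword\.URL|browser\.search\.[\w.]+)"', re.I)


def read_manifest(ext_dir):
    """(id, name) from install.rdf; (None, None) if it is missing or malformed."""
    try:
        root = ET.parse(os.path.join(ext_dir, "install.rdf")).getroot()
    except (OSError, ET.ParseError):
        return None, None
    ident, name = root.find(f".//{EM}id"), root.find(f".//{EM}name")
    return (ident.text if ident is not None else None,
            name.text if name is not None else None)


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def scan_profiles(profile_dirs):
    """Findings: extensions under the SYSTEM profile, extensions whose default
    prefs force proxy/search settings, and groups whose chrome jar is byte-identical."""
    findings = {"system_profile": [], "pref_hijack": [], "clusters": []}
    by_hash = {}
    for profile in profile_dirs:
        ext_root = os.path.join(profile, "extensions")
        if not os.path.isdir(ext_root):
            continue
        in_system = ("config" + os.sep + "systemprofile") in profile.lower()
        for folder in sorted(os.listdir(ext_root)):
            ext_dir = os.path.join(ext_root, folder)
            if not os.path.isdir(ext_dir):
                continue
            ext_id, ext_name = read_manifest(ext_dir)
            label = f"{ext_name or '?'} {ext_id or folder}"
            if in_system:  # no interactive user installs add-ons for LocalSystem
                findings["system_profile"].append(label)
            pref_dir = os.path.join(ext_dir, "defaults", "preferences")
            for js in (sorted(os.listdir(pref_dir)) if os.path.isdir(pref_dir) else []):
                with open(os.path.join(pref_dir, js), encoding="utf-8", errors="replace") as f:
                    keys = sorted(set(HIJACK_PREFS.findall(f.read())))
                if keys:
                    findings["pref_hijack"].append((label, keys))
            chrome_dir = os.path.join(ext_dir, "chrome")
            for jar in (sorted(os.listdir(chrome_dir)) if os.path.isdir(chrome_dir) else []):
                by_hash.setdefault(sha256_file(os.path.join(chrome_dir, jar)), []).append(label)
    findings["clusters"] = [labels for labels in by_hash.values() if len(labels) > 1]
    return findings


def build_sample_tree(base):
    """Constructed sample mirroring the log: one 'Xul cache' folder in the user
    profile, three under the SYSTEM profile (GUIDs from the log), all sharing one
    jar and one hypothetical proxy-forcing xulcache.js; plus a benign add-on."""
    user = os.path.join(base, "Users", "chris", "AppData", "Roaming", "Mozilla",
                        "Firefox", "Profiles", "s053jk36.default")
    system = os.path.join(base, "Windows", "System32", "config", "systemprofile",
                          "AppData", "Roaming", "Mozilla", "Firefox", "Profiles", "lo0qs56y.default")
    payload = b"PK\x03\x04 constructed xulcache.jar stand-in"
    hijack_js = ('pref("network.proxy.type", 1);\npref("network.proxy.http", "127.0.0.1");\n'
                 'pref("network.proxy.http_port", 53253);\n')

    def make(profile, ext_id, name, jar_name, jar, js_name, js):
        ext = os.path.join(profile, "extensions", ext_id)
        os.makedirs(os.path.join(ext, "chrome"))
        os.makedirs(os.path.join(ext, "defaults", "preferences"))
        with open(os.path.join(ext, "install.rdf"), "w", encoding="utf-8") as f:
            f.write('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
                    'xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description>'
                    f'<em:id>{ext_id}</em:id><em:name>{name}</em:name></Description></RDF>')
        with open(os.path.join(ext, "chrome", jar_name), "wb") as f:
            f.write(jar)
        with open(os.path.join(ext, "defaults", "preferences", js_name), "w", encoding="utf-8") as f:
            f.write(js)

    make(user, "{dde12f20-dfbe-4379-9d9f-8c72f784d54a}", "Xul cache", "xulcache.jar", payload, "xulcache.js", hijack_js)
    for guid in ("{1092dd1d-e2f8-40e5-ac54-da41d2169632}", "{17a8b822-c5bd-479c-a82c-e01199527798}",
                 "{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}"):
        make(system, guid, "Xul cache", "xulcache.jar", payload, "xulcache.js", hijack_js)
    make(user, "benign@example.test", "Benign Add-on", "benign.jar", b"PK\x03\x04 other",
         "benign.js", 'pref("extensions.benign.enabled", true);\n')
    return [user, system]


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return scan_profiles(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Hashing the jar rather than trusting the folder name is the point: twelve GUID-named folders with one identical jar are one family, and any remover that deletes the extension by ID will be chasing a new ID after the next reboot.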

ComboFix log, just in case the attachment didn't work:

ComboFix 11-07-28.01 - Chris 07/27/2011 22:14:17.3.2 - x86

Running from: c:\users\Chris\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\chrome.manifest

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\chrome\xulcache.jar

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\defaults\preferences\xulcache.js

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\install.rdf

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\iun6002.exe

c:\windows\s.bat

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{1092dd1d-e2f8-40e5-ac54-da41d2169632}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{1092dd1d-e2f8-40e5-ac54-da41d2169632}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{1092dd1d-e2f8-40e5-ac54-da41d2169632}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{1092dd1d-e2f8-40e5-ac54-da41d2169632}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{1092dd1d-e2f8-40e5-ac54-da41d2169632}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{17a8b822-c5bd-479c-a82c-e01199527798}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{17a8b822-c5bd-479c-a82c-e01199527798}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{17a8b822-c5bd-479c-a82c-e01199527798}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{17a8b822-c5bd-479c-a82c-e01199527798}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{17a8b822-c5bd-479c-a82c-e01199527798}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{2c73ebe1-e497-47b9-8c28-c6dde62fb4e1}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{5bd83c3b-391f-4110-a49a-b483de804a8c}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{5bd83c3b-391f-4110-a49a-b483de804a8c}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{5bd83c3b-391f-4110-a49a-b483de804a8c}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{5bd83c3b-391f-4110-a49a-b483de804a8c}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{5bd83c3b-391f-4110-a49a-b483de804a8c}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{610cc5eb-204c-45cc-8746-3014658eac7d}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{610cc5eb-204c-45cc-8746-3014658eac7d}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{610cc5eb-204c-45cc-8746-3014658eac7d}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{610cc5eb-204c-45cc-8746-3014658eac7d}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{610cc5eb-204c-45cc-8746-3014658eac7d}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{6980f96f-93c1-4fed-9a03-a66740892154}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{6980f96f-93c1-4fed-9a03-a66740892154}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{6980f96f-93c1-4fed-9a03-a66740892154}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{6980f96f-93c1-4fed-9a03-a66740892154}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{6980f96f-93c1-4fed-9a03-a66740892154}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{958761e9-5805-4c93-8374-6a97e9f5ccc6}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{958761e9-5805-4c93-8374-6a97e9f5ccc6}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{958761e9-5805-4c93-8374-6a97e9f5ccc6}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{958761e9-5805-4c93-8374-6a97e9f5ccc6}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{958761e9-5805-4c93-8374-6a97e9f5ccc6}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{967dc48d-7c2c-4908-8603-fed25599e27b}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{967dc48d-7c2c-4908-8603-fed25599e27b}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{967dc48d-7c2c-4908-8603-fed25599e27b}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{967dc48d-7c2c-4908-8603-fed25599e27b}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{967dc48d-7c2c-4908-8603-fed25599e27b}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{a0acce79-8846-4eef-96f5-4ffe6272cabd}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{a0acce79-8846-4eef-96f5-4ffe6272cabd}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{a0acce79-8846-4eef-96f5-4ffe6272cabd}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{a0acce79-8846-4eef-96f5-4ffe6272cabd}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{a0acce79-8846-4eef-96f5-4ffe6272cabd}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{adbac76e-0a3e-4bbb-ab82-843b0f810e30}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{adbac76e-0a3e-4bbb-ab82-843b0f810e30}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{adbac76e-0a3e-4bbb-ab82-843b0f810e30}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{adbac76e-0a3e-4bbb-ab82-843b0f810e30}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{adbac76e-0a3e-4bbb-ab82-843b0f810e30}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{b86ca90d-a494-4b53-a044-4e3afe6f6fc6}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{b86ca90d-a494-4b53-a044-4e3afe6f6fc6}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{b86ca90d-a494-4b53-a044-4e3afe6f6fc6}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{b86ca90d-a494-4b53-a044-4e3afe6f6fc6}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{b86ca90d-a494-4b53-a044-4e3afe6f6fc6}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d0156a56-f727-496e-9b59-ee48e68e9a99}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d0156a56-f727-496e-9b59-ee48e68e9a99}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d0156a56-f727-496e-9b59-ee48e68e9a99}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d0156a56-f727-496e-9b59-ee48e68e9a99}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d0156a56-f727-496e-9b59-ee48e68e9a99}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d4d191cf-0ed7-42c3-afd3-c897c76a6867}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d4d191cf-0ed7-42c3-afd3-c897c76a6867}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d4d191cf-0ed7-42c3-afd3-c897c76a6867}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d4d191cf-0ed7-42c3-afd3-c897c76a6867}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{d4d191cf-0ed7-42c3-afd3-c897c76a6867}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dadf21f9-783f-4d4b-8a25-17a89da2f58a}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dadf21f9-783f-4d4b-8a25-17a89da2f58a}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dadf21f9-783f-4d4b-8a25-17a89da2f58a}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dadf21f9-783f-4d4b-8a25-17a89da2f58a}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dadf21f9-783f-4d4b-8a25-17a89da2f58a}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dc5d8f27-9de2-4736-8a2c-7d3c2ff0a838}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dc5d8f27-9de2-4736-8a2c-7d3c2ff0a838}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dc5d8f27-9de2-4736-8a2c-7d3c2ff0a838}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dc5d8f27-9de2-4736-8a2c-7d3c2ff0a838}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dc5d8f27-9de2-4736-8a2c-7d3c2ff0a838}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{dde12f20-dfbe-4379-9d9f-8c72f784d54a}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e76ae07a-c9ba-44a8-98a7-a3ad27c64809}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e76ae07a-c9ba-44a8-98a7-a3ad27c64809}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e76ae07a-c9ba-44a8-98a7-a3ad27c64809}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e76ae07a-c9ba-44a8-98a7-a3ad27c64809}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e76ae07a-c9ba-44a8-98a7-a3ad27c64809}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e8a7d914-2e36-4b28-91e7-af4900179f7a}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e8a7d914-2e36-4b28-91e7-af4900179f7a}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e8a7d914-2e36-4b28-91e7-af4900179f7a}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e8a7d914-2e36-4b28-91e7-af4900179f7a}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{e8a7d914-2e36-4b28-91e7-af4900179f7a}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{eabc086e-73b2-4dc2-a0bb-d8ac53188573}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{eabc086e-73b2-4dc2-a0bb-d8ac53188573}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{eabc086e-73b2-4dc2-a0bb-d8ac53188573}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{eabc086e-73b2-4dc2-a0bb-d8ac53188573}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{eabc086e-73b2-4dc2-a0bb-d8ac53188573}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{f1eeb5df-708f-4784-ab7f-a52dbff62204}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{f1eeb5df-708f-4784-ab7f-a52dbff62204}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{f1eeb5df-708f-4784-ab7f-a52dbff62204}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{f1eeb5df-708f-4784-ab7f-a52dbff62204}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{f1eeb5df-708f-4784-ab7f-a52dbff62204}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fdceae9e-765a-4550-b1c5-66c277b880d8}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fdceae9e-765a-4550-b1c5-66c277b880d8}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fdceae9e-765a-4550-b1c5-66c277b880d8}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fdceae9e-765a-4550-b1c5-66c277b880d8}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fdceae9e-765a-4550-b1c5-66c277b880d8}\install.rdf

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fef2489b-d791-4539-8093-23b7545577c7}

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fef2489b-d791-4539-8093-23b7545577c7}\chrome.manifest

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fef2489b-d791-4539-8093-23b7545577c7}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fef2489b-d791-4539-8093-23b7545577c7}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\lo0qs56y.default\extensions\{fef2489b-d791-4539-8093-23b7545577c7}\install.rdf

c:\windows\system32\msvcsv60.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))

.

.

2011-07-28 05:22 . 2011-07-28 05:22 -------- d-----w- c:\users\Chris\AppData\Local\temp

2011-07-28 05:22 . 2011-07-28 05:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-28 05:22 . 2011-07-28 05:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-28 05:22 . 2011-07-28 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-28 05:12 . 2011-07-28 05:12 -------- d-----w- C:\32788R22FWJFW

2011-07-28 01:08 . 2011-07-28 01:08 253336 ----a-w- c:\users\Chris\AppData\Roaming\Microsoft\IdentityCRL\ppcrlui.dll

2011-07-28 01:08 . 2011-07-28 01:08 14744 ----a-w- c:\users\Chris\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll

2011-07-27 03:59 . 2011-07-28 03:53 -------- d-----w- c:\users\Chris\riotsGamesLogs

2011-07-27 02:05 . 2011-07-27 02:05 -------- d-----w- c:\programdata\id Software

2011-07-24 14:56 . 2011-07-24 15:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-24 02:34 . 2011-07-24 02:35 -------- d-----w- c:\programdata\Microsoft Help

2011-07-23 17:29 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-23 17:29 . 2011-07-23 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-23 17:29 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 17:26 . 2011-07-23 17:26 -------- d-----w- c:\programdata\FLEXnet

2011-07-23 17:20 . 2011-07-23 17:20 -------- d-----w- c:\programdata\Malwarebytes

2011-07-22 14:12 . 2011-07-22 14:12 -------- d-----w- c:\program files\ESET

2011-07-22 02:26 . 2011-07-22 02:26 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com

2011-07-22 02:24 . 2011-07-22 18:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-21 01:56 . 2011-07-21 01:56 568320 ----a-w- c:\windows\system32\yA

2011-07-21 01:56 . 2011-07-21 01:56 568320 ----a-w- c:\windows\system32\msxml332.exe

2011-07-21 01:56 . 2011-07-21 01:56 357376 ----a-w- c:\windows\system32\atl32.dll

2011-06-30 03:05 . 2011-06-30 03:05 0 ---ha-w- c:\windows\system32\qwqvaffdmp.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-23 01:18 . 2011-06-22 14:15 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-06 17:27 . 2011-06-06 17:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2007-07-22 15:24 . 2010-07-28 02:34 19 ----a-w- c:\program files\run.bat

2011-06-26 05:50 . 2011-06-23 02:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E59477-3146-4489-9F07-181235CCA9Dd}]

2011-07-21 01:56 357376 ----a-w- c:\windows\System32\atl32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]

"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-16 5330760]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-19 8828744]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAyADgAMwAzADUANgA0ADgALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAEYAUAA5ACsANgAtAE4AMQBGACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA&prod=90&ver=9.0.901" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-06-30 13:50 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3236531311-366751145-1597881008-1005]

"EnableNotificationsRef"=dword:00000001

.

R0 jwytjrgn;jwytjrgn; [x]

R0 ypisbpp;ypisbpp;c:\windows\System32\drivers\tkdqejw.sys [x]

R2 Bonjour Service32;Bonjour Service ;c:\windows\system32\serialui32.exe [x]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 GarenaPEngine;GarenaPEngine;c:\users\Chris\AppData\Local\Temp\AJK10F3.tmp [x]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-06-20 212992]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\314F.tmp [x]

R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-07-09 82928]

R3 ZDPSp60;ZDPSp60 NDIS Protocol Driver;c:\windows\system32\Drivers\ZDPSp60.sys [x]

R4 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2008-10-06 180912]

R4 FHPService;FHPService;c:\program files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe [2008-07-23 169256]

R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]

R4 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 430080]

S1 funfrm;funfrm; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2009-07-09 48144]

S2 W32Time32;Windows Time ;c:\windows\system32\msxml332.exe [2011-07-21 568320]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-07-14 21008]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-20 107360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-28 c:\windows\Tasks\User_Feed_Synchronization-{A22F883A-B1EB-4915-A1F9-E1F1ABB616E0}.job

- c:\windows\system32\msfeedssync.exe [2010-04-29 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:53253

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\s053jk36.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfe4130&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53253

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe

AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe

AddRemove-Native Instruments Controller Editor - c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe

AddRemove-Native Instruments Kontakt 4 - c:\programdata\{BF329843-149E-4A5A-82A1-0250286442D0}\Kontakt 4 Setup PC.exe

AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe

AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe

AddRemove-{EC015649-3B3C-4611-9C66-453F8011E944} - c:\programdata\{BF329843-149E-4A5A-82A1-0250286442D0}\Kontakt 4 Setup PC.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-27 22:22

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\AJK10F3.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\314F.tmp"

.

Completion time: 2011-07-27 22:24:55

ComboFix-quarantined-files.txt 2011-07-28 05:24

ComboFix2.txt 2010-06-16 04:32

.

Pre-Run: 24,705,650,688 bytes free

Post-Run: 24,810,213,376 bytes free

.

- - End Of File - - E37D930400839B320CE6A8E226CE5D29
