
Malware scans



Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7435

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

8/12/2011 4:23:35 PM

mbam-log-2011-08-12 (16-23-35).txt

Scan type: Quick scan

Objects scanned: 182282

Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Run by Tai Burton at 16:27:01 on 2011-08-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1828 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\KBDLAO32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\yA

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - C:\Program Files (x86)\Shop to Win 4\ShoppingBHO.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - C:\Windows\SysWow64\TwcToolbarIe7.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [sightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB6.3; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; MDDC; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.candystand.com/play/8-ball-billiards-mp"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\TAIBUR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\TAIBUR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{D4CE879D-4B72-4D63-A387-2FA940CA4CA6} : DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{FEF8CB45-D7BD-4866-9B68-044A13423C11} : DhcpNameServer = 68.87.68.166 68.87.74.166

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli FAPassSync

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\ShoppingBHO.dll

BHO-X64: Freecause Shopping BHO - No File

BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: FAIESSO Helper Object - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [FAStartup]

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Tai Burton\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll

FF - plugin: C:\Users\Tai Burton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Users\Tai Burton\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Users\Tai Burton\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 msiserver32;Windows Installer ;C:\Windows\System32\KBDLAO32.exe [2011-8-12 656896]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-1-1 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA013Ufd.sys --> C:\Windows\system32\DRIVERS\OA013Ufd.sys [?]

S3 OA013Vid;Creative Camera OA013 Function Driver;C:\Windows\system32\DRIVERS\OA013Vid.sys --> C:\Windows\system32\DRIVERS\OA013Vid.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-08-12 18:02:24 656896 ----a-w- C:\Windows\SysWow64\yA

2011-08-12 18:02:21 656896 ----a-w- C:\Windows\SysWow64\KBDLAO32.exe

2011-08-11 16:42:55 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{71415F4C-9C2B-4C25-A68C-6270827BD945}

2011-08-11 16:42:45 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{F3DFB167-F992-4FEA-B416-3C75C471BF59}

2011-08-11 13:53:42 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53:42 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48:43 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-10 16:59:44 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-08-10 15:43:01 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-08-10 14:59:40 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-08-09 16:17:17 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{7EFD793C-4222-4C78-BCEC-3933392EEA81}

2011-08-09 16:17:07 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{0DB7C2A1-7933-4272-BF5C-D8C5C9790A63}

2011-08-09 09:27:13 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{A575EC13-7F85-482A-B8F9-90C7FE07649E}

2011-08-09 09:27:02 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{12634A97-49E2-40A2-8CC5-BE325BF3AE2B}

2011-08-08 21:55:10 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{B8932769-26CE-484C-8EA5-5FD76D187664}

2011-08-08 21:55:00 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{B1537893-24CD-419B-9EE2-D0B3584F3593}

2011-08-08 15:35:47 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{71E8231C-2FD1-4982-8D50-6AFA176E7E56}

2011-08-08 15:35:34 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{664C8404-9903-4AB6-B022-73F92293C4EA}

2011-08-08 01:35:44 -------- d-----w- C:\Users\Tai Burton\New Folder (1)

2011-08-08 01:35:30 -------- d-----w- C:\Users\Tai Burton\New Folder

2011-08-06 04:15:15 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{CF7B9BD9-1EC9-4F22-90FB-F60B378E8CD5}

2011-08-06 04:15:04 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{CBD86BA3-873B-49E9-9C4B-25ED3A01FBA3}

2011-08-06 04:02:40 -------- d-----w- C:\Program Files\iPod(252)

2011-08-06 04:02:40 -------- d-----w- C:\Program Files\iPod

2011-08-06 04:02:37 -------- d-----w- C:\Program Files\iTunes

2011-08-06 04:02:37 -------- d-----w- C:\Program Files (x86)\iTunes(181)

2011-08-06 04:02:37 -------- d-----w- C:\Program Files (x86)\iTunes

2011-08-06 03:55:29 -------- d-----w- C:\Program Files\Bonjour

2011-08-06 03:55:29 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-08-06 00:26:03 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{FE396B5D-8B52-4112-AA79-7D4D446C47FF}

2011-08-06 00:25:53 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{F297FC44-DCAD-4BDB-9BCB-682F017660A5}

2011-08-05 13:45:30 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{8155173B-0FBD-40E6-8A5C-CB7EC4FDC583}

2011-08-05 13:45:14 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{C34A5706-B1F1-4B23-9CBE-BACDEA8AE604}

2011-08-04 19:53:24 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{4F515A0F-C99D-4BA9-9784-9F0230F40DE8}

2011-08-04 19:52:56 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{159E1723-9534-4EAB-8035-1C95DC1C59DE}

2011-08-03 15:35:24 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{69E8B3A8-460A-4FB4-B596-A063E989747A}

2011-08-02 13:31:40 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{A3BA5B08-FB8A-4BF8-A955-E34CD0188ED6}

2011-08-02 01:31:06 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{13A8CF0E-44B7-4E24-94C9-E7560AA245D5}

2011-08-01 13:30:45 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{6B29DF2B-C3B6-4144-B41C-20E1D231E91F}

2011-07-29 13:41:51 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{BA8A01C6-1DA2-4907-92CA-B4ADD51F25BE}

2011-07-28 02:00:44 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{B1E94AE5-0D18-4795-B1A2-40D0A8FA61AC}

2011-07-26 16:04:04 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{6F7CB89C-35DC-490C-8B4E-E1A8DC81FB26}

2011-07-25 09:00:37 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{AFAA7235-A32A-42BB-A41C-89CB140D7140}

2011-07-23 14:19:04 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{F0E216B2-2AF4-47A1-9FBD-1B32959A287B}

2011-07-20 14:31:19 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{444A7E1B-E76E-4BF9-A090-6A1F459A10C1}

2011-07-18 19:26:28 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{A3A97DEC-4307-4704-A04D-8044C631F208}

2011-07-16 14:23:36 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{A92A681D-BD0A-46B2-893A-45952FE8A4D3}

2011-07-15 17:06:13 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{CA8056E7-8036-4C29-B446-AB92453964B7}

2011-07-14 18:49:46 -------- d-----w- C:\Users\Tai Burton\AppData\Local\{DD93BAF2-95F4-4460-A5AD-1B15532C3083}

.

==================== Find3M ====================

.

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-13 21:20:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-07 18:27:22 77888 ----a-w- C:\Users\Tai Burton\InstallIMVU_463.0_st_c.exe

2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 16:28:36.62 ===============

Attach.zip


Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as ComboFix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Download ComboFix from one of these locations:

Link 1

Link 2: If using this link, right-click and select Save As.

* IMPORTANT!!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Prior to ComboFix, my laptop was running slowly because Symantec Endpoint Protection kept having a pop-up saying I had a virus risk and kept counting them. So I tried uninstalling it, but after 10 or more minutes of it not going anywhere I cancelled. When restarting there are still Symantec files, but it is no longer in the uninstall part of Control Panel. Is there a way to uninstall it completely? I've started using Spyware Doctor full version. My laptop is a little faster. After ComboFix was run I didn't notice a difference... Here is my ComboFix. Thanks!!!

ComboFix 11-08-15.06 - Tai Burton 08/14/2011 16:56:27.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1955 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Shop to Win 4\ShOPpingbho.dll

c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll

c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll

c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll

c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}\install.rdf

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}\install.rdf

c:\users\Tai Burton\InstallIMVU_463.0_st_c.exe

c:\users\Tai Burton\sdasetup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))

.

.

2011-08-14 21:24 . 2011-08-14 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-14 17:57 . 2011-08-14 17:57 329728 ----a-w- c:\windows\SysWow64\AudioSes32.dll

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-12 18:02 . 2011-08-12 17:49 656896 ----a-w- c:\windows\SysWow64\yA

2011-08-12 18:02 . 2011-08-12 17:49 656896 ----a-w- c:\windows\SysWow64\KBDLAO32.exe

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01A622C3-8885-4A9F-BBF3-F38493B79E46}]

2011-08-14 17:57 329728 ----a-w- c:\windows\SysWOW64\AudioSes32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PCTSDInjDriver64

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-23 3215440]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

SafeBoot-Symantec Antvirus

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2011-08-14 17:31:37

ComboFix-quarantined-files.txt 2011-08-14 21:31

.

Pre-Run: 322,054,574,080 bytes free

Post-Run: 321,961,041,920 bytes free

.

- - End Of File - - 8D50A8BCC2AB01DFFABFD016AFEC9F6A


I found everything it asked me to, but when going through the different product code keys I was unable to find the one that had "DisplayName value is Symantec Endpoint Protection". It wasn't listed. I've also noticed when using Google it redirects my page. Thank you for your help.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\SysWow64\KBDLAO32.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these:

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

KBDLAO32.exe

Submission date:

2011-08-15 14:46:07 (UTC)

Current status:

finished

Result:

21/ 43 (48.8%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.08.15.00 2011.08.15 Malware/Win32.Generic

AntiVir 7.11.13.45 2011.08.15 TR/Dldr.Tracur.Y.35

Antiy-AVL 2.0.3.7 2011.08.15 -

Avast 4.8.1351.0 2011.08.15 Win32:Tracur-DC [Trj]

Avast5 5.0.677.0 2011.08.15 Win32:Tracur-DC [Trj]

AVG 10.0.0.1190 2011.08.15 SHeur3.CNYS

BitDefender 7.2 2011.08.15 Trojan.Generic.KDV.316802

CAT-QuickHeal 11.00 2011.08.13 -

ClamAV 0.97.0.0 2011.08.15 -

Commtouch 5.3.2.6 2011.08.15 -

Comodo 9754 2011.08.15 Heur.Suspicious

DrWeb 5.0.2.03300 2011.08.15 Trojan.AVKill.9037

Emsisoft 5.1.0.8 2011.08.15 Trojan-Downloader.Win32.Tracur!IK

eSafe 7.0.17.0 2011.08.14 Win32.TrojanDownload

eTrust-Vet 36.1.8502 2011.08.15 -

F-Prot 4.6.2.117 2011.08.15 -

F-Secure 9.0.16440.0 2011.08.15 Trojan.Generic.KDV.316802

Fortinet 4.2.257.0 2011.08.15 -

GData 22 2011.08.15 Trojan.Generic.KDV.316802

Ikarus T3.1.1.107.0 2011.08.15 Trojan-Downloader.Win32.Tracur

Jiangmin 13.0.900 2011.08.15 -

K7AntiVirus 9.109.5017 2011.08.15 -

Kaspersky 9.0.0.837 2011.08.15 -

McAfee 5.400.0.1158 2011.08.15 Artemis!A13FC48E750B

McAfee-GW-Edition 2010.1D 2011.08.15 Artemis!A13FC48E750B

Microsoft 1.7104 2011.08.15 TrojanDownloader:Win32/Tracur.Y

NOD32 6379 2011.08.15 -

Norman 6.07.10 2011.08.15 -

nProtect 2011-08-14.01 2011.08.14 Gen:Variant.Kazy.33850

Panda 10.0.3.5 2011.08.15 Trj/CI.A

PCTools 8.0.0.5 2011.08.15 -

Prevx 3.0 2011.08.15 -

Rising 23.71.00.03 2011.08.15 -

Sophos 4.68.0 2011.08.15 Mal/Tracur-C

SUPERAntiSpyware 4.40.0.1006 2011.08.13 -

Symantec 20111.2.0.82 2011.08.15 -

TheHacker 6.7.0.1.277 2011.08.15 -

TrendMicro 9.500.0.1008 2011.08.15 -

TrendMicro-HouseCall 9.500.0.1008 2011.08.15 TROJ_GEN.R47C2HF

VBA32 3.12.16.4 2011.08.15 -

VIPRE 10170 2011.08.15 Trojan.Win32.Generic!BT

ViRobot 2011.8.13.4621 2011.08.15 -

VirusBuster 14.0.168.0 2011.08.14 -

Additional information

MD5 : a13fc48e750bfb4404346bdd3fd91d3a

SHA1 : 4f16351c0661f59441c3c72df3a432ccc629ddc4

SHA256: 550a9fbdc68698d3ae0fe6afc6a274b5d6d164f3c6fb83ea104b4c98bdd3df24

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

We need to get copies of that file.

Copy/paste the text in the code box below into Notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty Notepad file.

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right-click the mouse for options and select 'Copy'. Now, over the empty Notepad window, right-click your mouse again and select 'Paste', and you will have copied and pasted the text.

http://forums.malwarebytes.org/index.php?showtopic=92455&st=0

Collect::
c:\windows\SysWow64\yA
c:\windows\SysWow64\KBDLAO32.exe

File::
c:\windows\SysWOW64\AudioSes32.dll

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01A622C3-8885-4A9F-BBF3-F38493B79E46}]

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... and change the directory to your desktop;

3. Change the "Save as type" to "All Files";

4. Type in the file name: CFScript

5. Click Save.

Drag CFScript.txt onto ComboFix.exe.

Then post the results log using Copy / Paste.

Also please describe how your computer behaves at the moment.

When ComboFix restarted my computer I got a pop-up saying "C:\windows\system32\gfxui.exe: a device attached to the system is not functioning." Internet Explorer isn't redirecting me anymore, and it seems faster. Here is my ComboFix log. Thank you!

ComboFix 11-08-15.07 - Tai Burton 08/15/2011 11:50:52.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1891 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

Command switches used :: c:\users\Tai Burton\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWOW64\AudioSes32.dll"

.

.

.

((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))

.

.

2011-08-15 16:12 . 2011-08-15 16:12 329728 ----a-w- c:\windows\SysWow64\AudioSes32.dll

2011-08-15 16:12 . 2011-08-15 16:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-15 16:12 . 2011-08-15 16:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\KBDLAO32.exe

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 17:49 . 2011-08-12 18:02 656896 ------w- c:\windows\SysWow64\yA

2011-07-22 02:48 . 2011-08-12 01:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-15 16:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 16:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 16:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-15 16:16 75716 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-15 16:16 84012 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-15 16:16 18838 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-15 16:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-15 16:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-15 16:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-15 16:14 . 2011-08-15 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-15 16:14 . 2011-08-15 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-15 00:02 328740 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-05 03:45 . 2011-08-15 16:12 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2010-11-06 09:56 . 2011-08-15 16:12 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-15 15:30 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PCTSDInjDriver64

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\KBDLAO32.exe

c:\program files (x86)\PC Tools Security\pctsSvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\SysWOW64\yA

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2011-08-15 12:28:39 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-15 16:28

ComboFix2.txt 2011-08-14 21:31

.

Pre-Run: 321,672,019,968 bytes free

Post-Run: 321,649,496,064 bytes free

.

- - End Of File - - DF12556C703CDF0635914238642DDE78

Upload was successful

Copy/paste the text in the code box below into Notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty Notepad file.

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right-click the mouse for options and select 'Copy'. Now, over the empty Notepad window, right-click your mouse again and select 'Paste', and you will have copied and pasted the text.

KillAll::

File::
c:\windows\SysWow64\AudioSes32.dll
c:\windows\SysWow64\KBDLAO32.exe
c:\windows\SysWow64\yA

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... and change the directory to your desktop;

3. Change the "Save as type" to "All Files";

4. Type in the file name: CFScript

5. Click Save.

Drag CFScript.txt onto ComboFix.exe.

Then post the results log using Copy / Paste.

Also please describe how your computer behaves at the moment.

It seems to be running OK. I don't notice much of a change.

ComboFix 11-08-15.07 - Tai Burton 08/15/2011 16:30:56.4.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1668 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

Command switches used :: c:\users\Tai Burton\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\AudioSes32.dll"

"c:\windows\SysWow64\KBDLAO32.exe"

"c:\windows\SysWow64\yA"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll

c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll

c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll

c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}\chrome.manifest

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))

.

.

2011-08-15 20:55 . 2011-08-15 20:55 329728 ----a-w- c:\windows\SysWow64\AudioSes32.dll

2011-08-15 20:55 . 2011-08-15 20:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-15 20:55 . 2011-08-15 20:55 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-15 20:55 . 2011-08-15 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\yA

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\KBDLAO32.exe

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-15 20:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 20:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 20:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-15 20:59 75980 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-15 20:59 84148 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-15 20:59 19048 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-15 20:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-15 20:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-15 20:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-15 20:57 . 2011-08-15 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-15 20:57 . 2011-08-15 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-15 20:16 329716 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-05 03:45 . 2011-08-15 20:55 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-09 01:41 . 2011-08-15 20:55 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-04-09 01:41 . 2011-08-14 00:54 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-06 09:56 . 2011-08-15 20:55 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-15 17:12 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01A622C3-8885-4A9F-BBF3-F38493B79E46}]

2011-08-15 20:55 329728 ----a-w- c:\windows\SysWOW64\AudioSes32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PCTSDInjDriver64

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\KBDLAO32.exe

c:\program files (x86)\PC Tools Security\pctsSvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\windows\SysWOW64\yA

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2011-08-15 17:11:14 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-15 21:11

ComboFix2.txt 2011-08-15 16:30

ComboFix3.txt 2011-08-14 21:31

.

Pre-Run: 321,628,971,008 bytes free

Post-Run: 321,503,690,752 bytes free

.

- - End Of File - - 0437AC132EFDE0572DDFC6BE809D6EB6

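The log above is the third ComboFix run against the same three files, and the helper is reading three of its sections against each other by eye: the "Files Created" list (where KBDLAO32.exe and yA share a size and timestamp, and all three SysWow64 files were written minutes after they were created), the BHO entry under Wow6432Node that points at AudioSes32.dll, and the running-process list that shows KBDLAO32.exe and yA alive. The script below is an added editorial example, not part of this thread and not part of ComboFix; it parses those three sections and reports the same cross-references. The sample text is copied from the log above and trimmed; the section-header regexes and the one-day "fresh mtime" threshold are assumptions of this example, not something ComboFix documents.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log above, trimmed to the
# entries the cross-reference needs. A real run would read the whole log file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
2011-08-15 20:55 . 2011-08-15 20:55 329728 ----a-w- c:\windows\SysWow64\AudioSes32.dll
2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\yA
2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\KBDLAO32.exe
2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01A622C3-8885-4A9F-BBF3-F38493B79E46}]
2011-08-15 20:55 329728 ----a-w- c:\windows\SysWOW64\AudioSes32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\KBDLAO32.exe
c:\windows\SysWOW64\yA
.
"""

# Assumed section-header shapes (ComboFix does not document its log format).
PAREN_HDR = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # (((( Files Created ... ))))
DASH_HDR = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")      # ---- Other Running Processes ----
CREATED = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\d+|-+) ([-a-z]{8}) (.+)$")
BHO_KEY = re.compile(r"Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
LOADPOINT = re.compile(r"^(\S+ \S+) (\d+) ([-a-z]{8}) (.+)$")

SYSTEM_DIRS = ("c:\\windows\\syswow64\\", "c:\\windows\\system32\\")
FRESH = timedelta(days=1)   # assumed threshold, see triage()


def _norm(path):
    # The log mixes SysWow64 and SysWOW64; compare paths case-insensitively.
    return path.strip().strip('"').lower()


def _stamp(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_combofix(text):
    """Pull the three sections the cross-reference needs out of a ComboFix log."""
    created, bhos, running = [], [], []
    section, pending_clsid = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        hdr = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if hdr:
            name = hdr.group(1).lower()
            section = ("created" if name.startswith("files created") else
                       "reg" if name.startswith("reg loading points") else
                       "running" if name.startswith("other running processes") else None)
            continue
        if section == "created":
            m = CREATED.match(line)
            if m and m.group(3).isdigit():          # "--------" marks a directory; skip it
                created.append({"path": _norm(m.group(5)), "size": int(m.group(3)),
                                "ctime": _stamp(m.group(1)), "mtime": _stamp(m.group(2))})
        elif section == "reg":
            key = BHO_KEY.search(line)
            if key:
                pending_clsid = key.group(1)        # the next file line belongs to this BHO
                continue
            m = LOADPOINT.match(line)
            if m and pending_clsid:
                bhos.append({"clsid": pending_clsid, "path": _norm(m.group(4))})
                pending_clsid = None
        elif section == "running" and line.lower().startswith("c:\\"):
            running.append(_norm(line))
    return created, bhos, running


def triage(text):
    """Cross-reference the sections and return the files that deserve a second look."""
    created, bhos, running = parse_combofix(text)
    by_path = {c["path"]: c for c in created}
    # 1. New files in system directories whose mtime sits next to their ctime.
    #    Files copied out of a Windows Update or installer package keep the
    #    package's older mtime; a file a dropper wrote fresh does not.
    #    Heuristic only: timestamps can be stomped.
    fresh_system = sorted(c["path"] for c in created
                          if c["path"].startswith(SYSTEM_DIRS)
                          and abs(c["ctime"] - c["mtime"]) < FRESH)
    # 2. Different names with identical size and mtime: the same payload dropped twice.
    twins = defaultdict(list)
    for c in created:
        twins[(c["size"], c["mtime"])].append(c["path"])
    size_time_twins = sorted(sorted(p) for p in twins.values() if len(p) > 1)
    # 3. Persistence (BHO) and execution (running process) backed by a new file.
    bho_hits = sorted((b["clsid"], b["path"]) for b in bhos if b["path"] in by_path)
    running_hits = sorted(p for p in running if p in by_path)
    return {"fresh_system_files": fresh_system, "size_time_twins": size_time_twins,
            "bho_from_new_file": bho_hits, "running_from_new_file": running_hits}


if __name__ == "__main__":
    for finding, hits in triage(SAMPLE_LOG).items():
        print(finding)
        for hit in hits:
            print("   ", hit)
```

Run against the sample, the three heuristics converge on exactly the three paths the helper keeps listing in the CFScript: AudioSes32.dll is both "fresh" in SysWow64 and the target of the BHO CLSID, while KBDLAO32.exe and yA are size-and-timestamp twins that are also in the running-process list. The point of the cross-reference is the caveat it raises for the cleanup step: deleting files that are loaded as a BHO and running as a process removes the payload but not whatever wrote it, so when the same names reappear after a reboot the next thing to check is a loader elsewhere (the ESET log later in this thread finds downloader components in the Firefox profile that ComboFix had not removed).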

These bad guys keep coming back

FILE ::

"c:\windows\SysWow64\AudioSes32.dll"

"c:\windows\SysWow64\KBDLAO32.exe"

"c:\windows\SysWow64\yA"

Try this:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?"

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


The only log.txt I found under EsetOnlineScanner was this...

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

In case that isn't it, I saved this txt at the end of the scan.

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1c497730-dc3c-4f41-a8d5-5da6e603da7e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{1f77faef-5b05-432c-be1a-b774f2636554}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{2b645e51-5fdd-4d4a-ac3e-c89b98aa28f4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{39b8e46d-c869-4119-a64a-1c9b0871d3c5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{8d00e98f-abfe-42d9-9213-34013614cf7d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9c17a05c-38f4-4df2-ae67-90b4f096bca2}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{bf9076ab-41aa-4204-815d-c3d09da83deb}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{da5cdbe7-2342-4cb2-8c59-b23358bb2f6f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{fbe9dd3d-b7a4-4a31-9579-013fa9009b69}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9cdd3fae-d9b6-4b15-be4c-38954d35551e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined


ComboFix 11-08-16.02 - Tai Burton 08/16/2011 11:38:48.5.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2018 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9cdd3fae-d9b6-4b15-be4c-38954d35551e}

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9cdd3fae-d9b6-4b15-be4c-38954d35551e}\chrome\xulcache.jar

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9cdd3fae-d9b6-4b15-be4c-38954d35551e}\defaults\preferences\xulcache.js

c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\extensions\{9cdd3fae-d9b6-4b15-be4c-38954d35551e}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))

.

.

2011-08-16 15:59 . 2011-08-16 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-16 15:59 . 2011-08-16 15:59 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-16 15:59 . 2011-08-16 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-15 22:02 . 2011-08-15 22:02 -------- d-----w- c:\program files (x86)\ESET

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\yA

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\KBDLAO32.exe

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-16 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-16 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-16 15:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-16 15:27 76060 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-16 15:27 84172 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-16 15:27 19088 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-16 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-16 15:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-16 15:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-16 15:23 . 2011-08-16 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-16 15:23 . 2011-08-16 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-16 12:38 332628 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-05 03:45 . 2011-08-16 15:22 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-09 01:41 . 2011-08-15 20:55 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-04-09 01:41 . 2011-08-14 00:54 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-06 09:56 . 2011-08-16 15:22 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-16 01:59 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2011-08-16 12:06:10

ComboFix-quarantined-files.txt 2011-08-16 16:06

ComboFix2.txt 2011-08-15 21:11

ComboFix3.txt 2011-08-15 16:30

ComboFix4.txt 2011-08-14 21:31

.

Pre-Run: 320,984,465,408 bytes free

Post-Run: 320,954,642,432 bytes free

.

- - End Of File - - 017D0CA1C3FA9F572D05413C011B7740


Copy/paste the text in the Codebox below into Notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty Notepad file:

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while dragging your mouse over the text. This should highlight the text. Now release the left mouse button. With the cursor over the highlighted text, right-click the mouse for options and select 'Copy'. Now, over the empty Notepad window, right-click your mouse again and select 'Paste', and you will have copied and pasted the text.

KillAll::

File::
c:\windows\SysWow64\KBDLAO32.exe
c:\windows\SysWow64\yA

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... and change the directory to your desktop;

3. Change the "Save as type" to "All Files";

4. Type in the file name: CFScript

5. Click Save.


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Still seems a little slow. My Spyware Doctor still picks up trojans when the laptop is restarted.

ComboFix 11-08-16.02 - Tai Burton 08/16/2011 13:29:16.6.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2003 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

Command switches used :: c:\users\Tai Burton\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\KBDLAO32.exe"

"c:\windows\SysWow64\yA"

.

.

((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))

.

.

2011-08-16 17:49 . 2011-08-16 17:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-16 17:49 . 2011-08-16 17:49 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-16 17:49 . 2011-08-16 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-15 22:02 . 2011-08-15 22:02 -------- d-----w- c:\program files (x86)\ESET

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\yA

2011-08-12 18:02 . 2011-08-12 17:49 656896 ------w- c:\windows\SysWow64\KBDLAO32.exe

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-16 17:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-16 17:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-16 17:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-16 17:53 76214 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-16 17:53 84172 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-16 17:53 19120 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-16 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-16 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-16 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-16 17:51 . 2011-08-16 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-16 17:51 . 2011-08-16 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-16 17:21 333124 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-05 03:45 . 2011-08-16 17:49 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-09 01:41 . 2011-08-15 20:55 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-04-09 01:41 . 2011-08-14 00:54 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-06 09:56 . 2011-08-16 17:49 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-16 01:59 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-16 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\KBDLAO32.exe

c:\program files (x86)\PC Tools Security\pctsSvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\windows\SysWOW64\yA

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

.

**************************************************************************

.

Completion time: 2011-08-16 14:04:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-16 18:04

ComboFix2.txt 2011-08-16 16:06

ComboFix3.txt 2011-08-15 21:11

ComboFix4.txt 2011-08-15 16:30

ComboFix5.txt 2011-08-16 17:24

.

Pre-Run: 320,609,751,040 bytes free

Post-Run: 320,610,242,560 bytes free

.

- - End Of File - - 8E0370C0C7F3B20E0F6BE4415B74E0F7


Something is protecting these.

c:\windows\SysWOW64\KBDLAO32.exe

c:\windows\SysWOW64\yA

Bring up Task Manager and end the process for:

KBDLAO32.exe

yA

Delete these files:

c:\windows\SysWOW64\KBDLAO32.exe

c:\windows\SysWOW64\yA

If they won't delete in Normal Mode, restart in Safe Mode and try the above.

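The two entries the helper above pulled out of the "Other Running Processes" list by eye can be caught mechanically. The following script is an added example, not part of the original thread and not part of ComboFix: it extracts the process image paths from a ComboFix log and applies three heuristics that are my own assumptions about what deserves a second look, namely an image with no file extension, a kbd*.exe living in a Windows system directory (Windows keyboard layouts are kbd*.dll libraries, not executables), and an image started from a user-writable location such as AppData, Temp or ProgramData. The sample input is the process block copied from the log posted above; the third rule is not exercised by it and is there to make the check general.

```python
"""Triage helper for the process lists in a ComboFix log.

Added example for this thread; the rules below are heuristics chosen for
illustration, not ComboFix logic. Run it as-is to see the two hits from the
posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: the "Other Running Processes" block from the
# ComboFix log above, wrapped in the separator lines ComboFix prints around it.
SAMPLE_LOG = r"""
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\KBDLAO32.exe
c:\program files (x86)\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\yA
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
.
**************************************************************************
"""

# ComboFix prints one process per line as a bare drive-letter path, optionally
# followed by arguments ("svchost.exe -k netsvcs"). File-listing lines start
# with a timestamp and registry lines with a quoted value name, so anchoring on
# the drive letter selects only process lines.
PATH_LINE = re.compile(r"^[a-z]:\\\S.*$", re.IGNORECASE)

# Locations used by the rules (assumed for this example).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def extract_process_paths(log_text: str) -> list[str]:
    """Return the image paths from every 'Running Processes' section."""
    paths = []
    for line in log_text.splitlines():
        line = line.strip()
        if not PATH_LINE.match(line):
            continue
        # Drop arguments: keep everything up to and including the first ".exe".
        # Directory names may contain spaces, so splitting on whitespace is unsafe.
        m = re.search(r"\.exe\b", line, re.IGNORECASE)
        paths.append(line[: m.end()] if m else line)
    return paths


def triage(log_text: str) -> list[Finding]:
    """Apply the three heuristics and return only the images that trip one."""
    findings = []
    for path in extract_process_paths(log_text):
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_sysdir = low.startswith(SYSTEM_DIRS)
        reasons = []
        # R1: a running image with no file extension is unusual anywhere and
        # has no legitimate counterpart in a Windows system directory.
        if "." not in name:
            reasons.append("no-extension")
        # R2: keyboard layouts ship as kbd*.dll and are loaded as libraries;
        # a kbd*.exe in a system directory is borrowing a familiar name.
        if in_sysdir and re.fullmatch(r"kbd\w*\.exe", name):
            reasons.append("kbd-layout-name-as-exe")
        # R3: images started from user-writable locations are where droppers
        # usually land; nothing in the sample log trips this rule.
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("user-writable-location")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}  <- {', '.join(f.reasons)}")
```

Running it on the sample prints exactly the two paths the helper named, each with the rule that caught it. The rules are deliberately narrow: they produce leads to confirm by hand (file hash, signature, creation time, which process keeps respawning it), not a verdict.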

The processes wouldn't end in normal mode; I'd end it and it would reappear. I looked for it in Safe Mode and it wasn't there. As for the files, I tried deleting in normal mode and it wouldn't let me. I tried in Safe Mode and KBDLAO32.exe wasn't there. I was able to delete the yA file, though. Once I restarted the laptop the processes weren't there, but I did not end them.


I hope so!! Here is the scan.

ComboFix 11-08-16.05 - Tai Burton 08/16/2011 21:12:51.7.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1841 [GMT -4:00]

Running from: c:\combofix\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))

.

.

2011-08-17 01:33 . 2011-08-17 01:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-17 01:33 . 2011-08-17 01:33 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-17 01:33 . 2011-08-17 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-17 00:31 . 2011-08-17 00:31 -------- d-----w- c:\users\Tai Burton\AppData\Local\Apple Computer

2011-08-16 19:19 . 2011-08-16 19:19 329728 ----a-w- c:\windows\SysWow64\AudioSes32.dll

2011-08-15 22:02 . 2011-08-15 22:02 -------- d-----w- c:\program files (x86)\ESET

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-17 01:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-17 01:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-17 01:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-17 00:59 76222 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-17 00:59 84188 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-17 00:59 19136 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-17 00:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-17 00:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-17 00:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-17 00:56 . 2011-08-17 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-17 00:56 . 2011-08-17 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-17 00:30 334940 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-05 03:45 . 2011-08-17 00:55 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-09 01:41 . 2011-08-15 20:55 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-04-09 01:41 . 2011-08-14 00:54 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-06 09:56 . 2011-08-17 00:55 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-17 00:55 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R2 msiserver32;Windows Installer ;c:\windows\system32\KBDLAO32.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-16 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{01A622C3-8885-4A9F-BBF3-F38493B79E46} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2011-08-16 21:40:12

ComboFix-quarantined-files.txt 2011-08-17 01:40

ComboFix2.txt 2011-08-16 18:04

ComboFix3.txt 2011-08-16 16:06

ComboFix4.txt 2011-08-15 21:11

ComboFix5.txt 2011-08-17 01:08

.

Pre-Run: 320,286,404,608 bytes free

Post-Run: 320,251,428,864 bytes free

.

- - End Of File - - E04342BC3AA3B6DE7624F77B4D74C168


One more

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\SysWow64\AudioSes32.dll

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... and change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[screenshot: CFScriptB-4.gif]

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


It seems the same. I'm still getting the same trojans coming up.

ComboFix 11-08-17.02 - Tai Burton 08/17/2011 11:35:29.8.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1979 [GMT -4:00]

Running from: c:\users\Tai Burton\Desktop\ComboFix.exe

Command switches used :: c:\users\Tai Burton\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\AudioSes32.dll"

.

.

((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))

.

.

2011-08-17 15:55 . 2011-08-17 15:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-08-17 15:55 . 2011-08-17 15:55 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-17 15:55 . 2011-08-17 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-17 00:31 . 2011-08-17 00:31 -------- d-----w- c:\users\Tai Burton\AppData\Local\Apple Computer

2011-08-15 22:02 . 2011-08-15 22:02 -------- d-----w- c:\program files (x86)\ESET

2011-08-14 00:26 . 2011-01-20 17:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-08-14 00:26 . 2011-01-20 17:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-08-14 00:15 . 2011-08-14 00:26 -------- d-----w- c:\programdata\PC Tools

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 13:53 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:48 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 16:59 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 15:43 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 14:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder (1)

2011-08-08 01:35 . 2011-08-08 01:35 -------- d-----w- c:\users\Tai Burton\New Folder

2011-08-06 04:02 . 2011-08-17 02:11 -------- d-----w- c:\program files\iPod

2011-08-06 04:02 . 2011-08-17 02:11 -------- d-----w- c:\program files (x86)\iTunes

2011-08-06 04:02 . 2011-08-12 14:58 -------- d-----w- c:\program files\iTunes

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files\Bonjour

2011-08-06 03:55 . 2011-08-06 03:55 -------- d-----w- c:\program files (x86)\Bonjour

2011-08-06 03:37 . 2011-08-06 03:37 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 21:20 . 2011-06-14 11:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-06 23:52 . 2011-04-07 20:10 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-04-07 20:10 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-25 14:45 . 2011-06-25 14:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-25 14:45 . 2011-06-25 14:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-25 14:45 . 2011-06-25 14:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-25 14:45 . 2011-06-25 14:45 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-25 14:45 . 2011-06-25 14:45 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-25 14:45 . 2011-06-25 14:45 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-25 14:45 . 2011-06-25 14:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-25 14:45 . 2011-06-25 14:45 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-25 14:45 . 2011-06-25 14:45 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-25 14:45 . 2011-06-25 14:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-25 14:45 . 2011-06-25 14:45 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-25 14:45 . 2011-06-25 14:45 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-25 14:45 . 2011-06-25 14:45 448512 ----a-w- c:\windows\system32\html.iec

2011-06-25 14:45 . 2011-06-25 14:45 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-25 14:45 . 2011-06-25 14:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-25 14:45 . 2011-06-25 14:45 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-25 14:45 . 2011-06-25 14:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-25 14:45 . 2011-06-25 14:45 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-25 14:45 . 2011-06-25 14:45 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-02 13:50 . 2011-07-13 19:51 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-14_21.24.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-08-17 15:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-17 15:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-14 21:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-17 15:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-17 16:00 76570 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-17 16:00 84188 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-01 17:00 . 2011-08-17 16:00 19152 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-947161117-1070136940-3011672290-1000_UserData.bin

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-17 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-01 16:56 . 2011-08-17 15:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-01 16:56 . 2011-08-14 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-01 16:56 . 2011-08-17 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-17 15:57 . 2011-08-17 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-14 20:34 . 2011-08-14 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-17 15:57 . 2011-08-17 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-02 05:16 . 2011-08-17 00:30 334940 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2010-11-05 03:45 . 2011-08-14 20:33 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 03:45 . 2011-08-17 15:56 442860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-06 04:04 . 2011-08-17 02:14 380928 c:\windows\Installer\{B613A9BB-2B34-4824-A4BE-2427653D59D6}\iTunesIco.exe

- 2011-08-06 04:04 . 2011-08-06 04:04 380928 c:\windows\Installer\{B613A9BB-2B34-4824-A4BE-2427653D59D6}\iTunesIco.exe

+ 2010-04-09 01:41 . 2011-08-15 20:55 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-04-09 01:41 . 2011-08-14 00:54 1188048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-11-06 09:56 . 2011-08-14 20:33 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2010-11-06 09:56 . 2011-08-17 15:56 2832816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-8192.dat

+ 2011-06-26 03:51 . 2011-08-17 00:55 11903200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-947161117-1070136940-3011672290-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]

"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-05-13 126976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

"FAStartup"="" [bU]

.

c:\users\Tai Burton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R2 msiserver32;Windows Installer ;c:\windows\system32\KBDLAO32.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2006-01-02 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]

R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 16:17]

.

2011-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-16 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tai Burton\AppData\Roaming\Mozilla\Firefox\Profiles\64qugo6s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{01A622C3-8885-4A9F-BBF3-F38493B79E46} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{01A622C3-8885-4A9F-BBF3-F38493B79E46}"=hex:51,66,7a,6c,4c,1d,38,12,ad,21,b5,

05,b7,c6,f1,0f,c4,e5,b0,c4,96,e9,da,52

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\PC Tools Security\pctsSvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2011-08-17 12:08:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-17 16:08

ComboFix2.txt 2011-08-17 01:40

ComboFix3.txt 2011-08-16 18:04

ComboFix4.txt 2011-08-16 16:06

ComboFix5.txt 2011-08-17 15:30

.

Pre-Run: 319,671,025,664 bytes free

Post-Run: 319,691,976,704 bytes free

.

- - End Of File - - FCF266308723E198B66C2A523C2803B3
