Jump to content

Browser redirect


zube

Recommended Posts

Hi,

I was doing a routine scan with MBAM when it came across a Exploit.Drop.2 virus, i let MBAM delete it. Since then ive noticed that im getting a occasional redirect when searching on yahoo search engine, it takes me to a completely different website that has nothing to do with the link i was clicking on. It doesnt happen all the time but every once in awhile.

Im wondering if there is something hidden somewhere that is causing this..

any help would be appreciated. im posting my HiJackThis log. Thank You

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:39:23 PM, on 10/2/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\Hecheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [rasMapppm] rundll32.exe "C:\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll",iTunesmapCres smiCommsdrv

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8183 bytes

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Hi, thank you for your help..

here are the two logs requested, seems MBAM did find 3 problem area's that i let it remove, i will post the log before i let it remove the threats by rebooting.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7875

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

10/5/2011 7:36:16 AM

mbam-log-2011-10-05 (07-36-16).txt

Scan type: Quick scan

Objects scanned: 202638

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Mike\AppData\Local\winwebmon2\isapadoffice.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\isaPadOffice (Trojan.Agent) -> Value: isaPadOffice -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Mike\AppData\Local\winwebmon2\isapadoffice.dll (Trojan.Agent) -> Quarantined and deleted successfully.

and the DDS log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Run by Mike at 7:29:39 on 2011-10-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4923 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\System32\rundll32.exe

F:\Program Files\Adobe Reader\Reader\reader_sl.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [rasMapppm] rundll32.exe "C:\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll",iTunesmapCres smiCommsdrv

uRun: [isaPadOffice] rundll32.exe "C:\Users\Mike\AppData\Local\WinWebmon2\isaPadOffice.dll",eapUserCtrl AppWebPlay

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\wpclsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO-X64: 0x1 - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

IE-X64: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920]

S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]

S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2011-10-03 11:50:17 -------- d-----w- C:\Users\Mike\AppData\Local\WinWebmon2

2011-10-02 09:58:38 -------- d-----w- C:\Users\Mike\AppData\Local\DRMPadTray

.

==================== Find3M ====================

.

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

.

============= FINISH: 7:30:01.49 ===============

Link to post
Share on other sites

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

hi screen317

Thank you for your help. Here are the logs you requested.

ComboFix 11-10-09.01 - Mike 10/09/2011 6:50.2.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4853 [GMT -4:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll

c:\users\Mike\karplayer.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))

.

.

2011-10-09 10:55 . 2011-10-09 10:55 -------- d-----w- c:\users\Ty\AppData\Local\temp

2011-10-03 11:50 . 2011-10-05 11:43 -------- d-----w- c:\users\Mike\AppData\Local\WinWebmon2

2011-10-02 09:58 . 2011-10-09 10:54 -------- d-----w- c:\users\Mike\AppData\Local\DRMPadTray

2011-09-10 17:18 . 2011-09-10 17:18 -------- d-----w- c:\users\Ty\AppData\Roaming\Unity

2011-09-10 17:07 . 2011-09-10 17:07 -------- d-----w- c:\users\Ty\AppData\Local\Unity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 21:00 . 2010-06-12 01:14 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Reader Speed Launcher"="f:\program files\Adobe Reader\Reader\Reader_sl.exe" [2009-02-27 35696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-01 1038088]

R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]

R3 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]

R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]

.

2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKCU-Run-rasMapppm - c:\users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Ashampoo Burning Studio 9_is1 - f:\program files\abs9\Ashampoo Burning Studio 9\unins000.exe

AddRemove-EVPmaker_is1 - f:\evpmaker\unins000.exe

AddRemove-Fraps - f:\program files\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.032"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.abr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ani"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.arw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bay"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cr2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.crw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cs1"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cur"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dib"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djv"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djvu"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dng"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.emf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.eps"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.erf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fpx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.gif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.hdr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icl"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icn"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ilbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.int"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.inta"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iw4"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2c"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2k"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jbr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jfif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jp2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpe"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpeg"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpg"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpk"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.kdc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.lbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mos"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mrw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.nef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.orf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbr"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcd"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pct"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcx"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pef"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pgm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pic"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)

"Progid"="ACDSee Photo Manager 2009.pict"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pix"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.png"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ppm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psd"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspbrush"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspimage"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ras"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raw"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgb"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgba"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rle"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rsb"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sgi"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sr2"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.srf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tga"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.thm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tiff"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttc"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11o"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11p"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11pf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wmf"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xbm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xif"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xmp"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xpm"

.

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\SecuROM\License information*]

"datasecu"=hex:f9,0a,95,2b,e9,d6,99,a4,55,d5,ef,b8,1e,45,d2,75,9c,0e,78,0b,15,

6a,46,84,b7,c1,93,3f,c3,76,01,d3,08,c0,a6,63,26,e2,f9,00,e0,34,d6,82,b0,46,\

"rkeysecu"=hex:a0,7f,4e,50,eb,62,92,f4,e8,ee,a7,ce,56,f4,e7,5a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2011-10-09 06:56:42

ComboFix-quarantined-files.txt 2011-10-09 10:56

.

Pre-Run: 213,776,367,616 bytes free

Post-Run: 213,741,764,608 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9

- - End Of File - - 56634917F73D7B34E8FFBB151077DE91

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Run by Mike at 6:57:32 on 2011-10-09

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4685 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\RacAgent.exe

C:\Windows\system32\lpremove.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\wpclsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO-X64: 0x1 - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

IE-X64: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920]

S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]

S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]

S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2011-10-09 10:56:43 -------- d-----w- C:\Users\Mike\AppData\Local\temp

2011-10-09 10:48:58 98816 ----a-w- C:\Windows\sed.exe

2011-10-09 10:48:58 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-09 10:48:58 256000 ----a-w- C:\Windows\PEV.exe

2011-10-09 10:48:58 208896 ----a-w- C:\Windows\MBR.exe

2011-10-03 11:50:17 -------- d-----w- C:\Users\Mike\AppData\Local\WinWebmon2

2011-10-02 09:58:38 -------- d-----w- C:\Users\Mike\AppData\Local\DRMPadTray

.

==================== Find3M ====================

.

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

.

============= FINISH: 6:57:43.17 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Hi, Thanks again for the help. Here are the logs you requested.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-05 02:43:19

# local_time=2009-11-05 09:43:19 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 55622382 94027657 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 74 12794830 24777493 0 0

# scanned=124880

# found=8

# cleaned=0

# scan_time=3248

C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\Keymaker09_DGN_CW.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\Nero-9.4.13.2d_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I

F:\Junk\SSoft.AD.AD.HD.v6.5.4.9.Final.Incl.KeY_cw.rar a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Junk\unzips\CS4ECK.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\unzips\CS4 Cracking Kit\adobe-master-cs4-keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-08 02:48:24

# local_time=2009-11-08 09:48:24 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 55884859 94290134 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 74 13057307 25039970 0 0

# scanned=3468

# found=0

# cleaned=0

# scan_time=276

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-11-25 04:56:16

# local_time=2009-11-25 11:56:16 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 57358906 95764181 0 0

# compatibility_mode=8192 67108863 100 0 818618 818618 0 0

# compatibility_mode=9217 16777214 75 74 14531354 26514017 0 0

# scanned=100381

# found=1

# cleaned=0

# scan_time=2700

C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-26 02:15:34

# local_time=2010-02-26 09:15:34 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 65381928 103787203 0 0

# compatibility_mode=8192 67108863 100 0 8841640 8841640 0 0

# compatibility_mode=9217 16777214 75 74 22554376 34537039 0 0

# scanned=130309

# found=4

# cleaned=0

# scan_time=5237

C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I

F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-26 09:10:42

# local_time=2010-02-26 04:10:42 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=5892 16776638 100 95 65406756 103812031 0 0

# compatibility_mode=8192 67108863 100 0 8866468 8866468 0 0

# compatibility_mode=9217 16777214 75 74 22579204 34561867 0 0

# scanned=130181

# found=4

# cleaned=0

# scan_time=5317

C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I

F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-06-04 11:13:05

# local_time=2010-06-04 07:13:05 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776638 100 45 73886830 112288517 0 0

# compatibility_mode=8192 67108863 100 0 17342954 17342954 0 0

# compatibility_mode=9217 16777214 75 74 31059290 43038353 0 0

# scanned=55231

# found=0

# cleaned=0

# scan_time=3373

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-02 02:02:32

# local_time=2011-10-02 10:02:32 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 6619783 6619783 0 0

# compatibility_mode=5892 16776638 100 45 115759970 154161657 0 0

# compatibility_mode=8192 67108863 100 0 59216094 59216094 0 0

# compatibility_mode=9217 16777214 75 74 72932430 84911493 0 0

# scanned=39028

# found=0

# cleaned=0

# scan_time=1200

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-12 10:33:22

# local_time=2011-10-12 06:33:22 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 7470432 7470432 0 0

# compatibility_mode=5892 16776638 100 45 116610619 155012306 0 0

# compatibility_mode=8192 67108863 100 0 60066743 60066743 0 0

# compatibility_mode=9217 16777214 75 74 73783079 85762142 0 0

# scanned=59685

# found=0

# cleaned=0

# scan_time=2002

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-12 10:01:16

# local_time=2011-10-12 06:01:16 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 7508371 7508371 0 0

# compatibility_mode=5892 16776638 100 45 116648558 155050245 0 0

# compatibility_mode=8192 67108863 100 0 60104682 60104682 0 0

# compatibility_mode=9217 16777214 75 74 73821018 85800081 0 0

# scanned=170509

# found=2

# cleaned=2

# scan_time=5337

C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll.vir a variant of Win32/Sefnit.BR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent.KHBSUSP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

AND

Results of screen317's Security Check version 0.99.24

Windows Vista x64 (UAC is enabled)

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

ZoneAlarm Pro

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

DH Driver Cleaner Professional Edition

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

No other issues for me. havent noticed any search results being hijacked, and as long as my logs are clear things seem to be ok.

Link to post
Share on other sites

  • Staff

Hi,

All those cracks and keygens you use are likely the issue.

I highly recommend uninstalling them and the means you use to get them. If you come back and we see they aren't removed, you wont be helped again.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 22

Adobe Flash Player ( 10.2.153.1)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. What you currently have, Service Pack 1, has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Service Pack 2.

Let me know how that goes and if there were any issues updating.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.