  1. #1
    Member
    Join Date
    Sep 2008
    Posts
    33
    Points
    0

    Slow computer maybe infected

    My computer has been running slow. Also I have processes running I am unsure if they are even needed. I went through each one on Google, but people say some are needed, some are not. Other sites say not to stop them at all. I just feel like too many might be running.

    Lastly worried about Registry problems but no idea how to correct that. I read a lot of bad things about altering it. Such as the Malwarebytes log shows some.

    Here are the logs needed, and after running the first scan with SuperAntiSpyware, I removed the threats it will show.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/16/2011 at 08:55 PM

    Application Version : 4.51.1000

    Core Rules Database Version : 7070
    Trace Rules Database Version: 4882

    Scan type : Quick Scan
    Total Scan Time : 00:26:16

    Memory items scanned : 723
    Memory threats detected : 0
    Registry items scanned : 2943
    Registry threats detected : 0
    File items scanned : 54234
    File threats detected : 7

    Adware.Tracking Cookie
    C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Cookies\lightning@serving-sys[2].txt
    C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Cookies\lightning@insightexpressai[2].txt
    C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Cookies\lightning@legolas-media[1].txt
    C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Cookies\lightning@doubleclick[2].txt
    C:\Users\Lightning\AppData\Roaming\Microsoft\Windows\Cookies\lightning@atdmt[1].txt
    secure-us.imrworldwide.com [ C:\Users\Lightning\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RMK3CDVM ]
    spe.atdmt.com [ C:\Users\Lightning\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RMK3CDVM ]



    Malwarebytes:
    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6524

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/14/2011 3:13:36 AM
    mbam-log-2011-05-14 (03-13-32).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 494354
    Time elapsed: 1 hour(s), 28 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    HiJackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:23:06 PM, on 5/16/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe
    C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Alienware - Custom Gaming Computers - PC Gaming At Its Best
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Alienware - Custom Gaming Computers - PC Gaming At Its Best
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe
    O4 - HKLM\..\Run: [FILE NAME] C:\Program Files (x86)\Razer\Nostromo\t2Hid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Lightning\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: AWMouseCI.lnk = C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gameda...ler.cab?v=1059
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

    --
    End of file - 13105 bytes

  2. #2
    Member
    Join Date
    Sep 2008
    Posts
    33
    Points
    0


    not sure if this helps but here's my specs too:

    Processor Information:
    Vendor: GenuineIntel
    Speed: 4.0 Mhz
    12 logical processors
    6 physical processors
    Operating System Version:
    Windows 7 (64 bit)
    Video Card:
    NVIDIA GeForce GTX 480
    Number of Logical Video Cards: 2
    SLI Detected (4 GPUs)
    Primary Display Resolution: 1920 x 1200
    Desktop Resolution: 1920 x 1200
    Sound card:
    Audio device: Speakers (Creative SB X-Fi)
    Memory:
    RAM: 12278 Mb

  3. #3
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hello Jessicka and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!

    My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. ComboFix, OTL and HijackThis logs can take some time to research. Please be aware that I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.

    I use Google as a resource to research what the problem is, just to understand some of the infections that are infecting the computer and understand where I need to focus more on, to ensure that the member gets the best and honest service.

    So please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!


    OK. If you have a Vista or Win7 computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    If you can not download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.



    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Step 1.

    You need to remove any object or infected file that malwarebytes finds!!!

    Please update MBAM and run a scan:

    Start MBAM and then Click on the Update tab



    Click Check for Updates

    The latest Database Version is: 6320

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.


    Step 2.

    Please download and run ComboFix:
    • A few notes first:

      Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover.

    • ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)
    • ComboFix must be run from an Administrative account.
    • Vista and W7 users - Right click, choose "Run as Administrator"
    • It must be downloaded to and run from your desktop.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)
    • ComboFix Guide <---please read!

      Download ComboFix from one of these locations:

      from Link #1

      Alternate link

      Alternate link #2

    • Double click on ComboFix.exe & follow the prompts.
    • Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    • Note: If you have SP3, use the SP2 package.

      If Vista or Windows 7, skip the Recovery Console part
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


      Notes:
    • 1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    • 3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
      Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.
    • 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      If a reboot doesn't restore your connection, please try this:
      Check HERE
      For XP systems download and run WinSockFix and Here

      Vista users: Check HERE

      Windows 7 systems: Download and run this Winsockfix.bat
    • 5. Give ComboFix at least 20-30 minutes to finish if needed.


    Summary of the logs I will need in your next reply:
    • The ComboFix log.
    • MBAM log.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  4. #4
    Member
    Join Date
    Sep 2008
    Posts
    33
    Points
    0


    Hi Net_Surfer, nice to meet you.

    I am running MBAM again and it looks like just the registry errors you highlighted from my original post are coming up. Is it okay to delete those as it asks?

    After that I will go on to Step 2.

  5. #5
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Yes. Please ensure that you click on the boxes of the infected objects and remove them. Follow my instructions on the Malwarebytes step.

  6. #6
    Member
    Join Date
    Sep 2008
    Posts
    33
    Points
    0


    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6595

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/17/2011 2:48:21 AM
    mbam-log-2011-05-17 (02-48-21).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 511514
    Time elapsed: 1 hour(s), 24 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    I selected Remove and removed them, though; this was before doing that. They are in the Quarantine tab now. Should I delete them further or just leave them there?
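    The Hijack.StartMenuInternet entries in the Malwarebytes logs above (post #1, before removal, and this post, after removal) record a wrapper program inserted in front of the browser's launch command. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses those log lines, splits the Bad command value into argv the way Windows honours double quotes, and reports whether the first program launched is the expected browser or a launcher sitting in the user profile with the real browser passed as an argument. The sample lines are copied from the logs posted here; all function and class names are the example's own.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input constructed from the Malwarebytes 1.50 log lines posted in this
# thread: two entries still pending removal and one already quarantined.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Lightning\AppData\Local\ocf.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One log line: <key> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>.
ITEM_RE = re.compile(
    r"^(?P<key>HKEY_\S+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)
# Command-line tokens: a double-quoted run (quotes stripped) or a bare word.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


@dataclass
class RegistryDataItem:
    key: str
    detection: str
    bad: str
    good: str
    action: str


@dataclass
class Finding:
    key: str
    launcher: str               # first program the hijacked command starts
    expected_exe: str           # basename Malwarebytes says belongs there
    real_target: Optional[str]  # where the expected browser ended up in argv
    wrapped: bool               # launcher is not the browser, browser is an argument
    launcher_in_user_profile: bool


def parse_registry_data_items(log_text: str) -> List[RegistryDataItem]:
    """Collect the entries listed under 'Registry Data Items Infected:'."""
    items: List[RegistryDataItem] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Registry Data Items Infected:":
            in_section = True
            continue
        if in_section and not line:  # a blank line closes the section
            in_section = False
        if not in_section:
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append(RegistryDataItem(**m.groupdict()))
    return items


def tokenize_command(cmd: str) -> List[str]:
    """Split a registry command value into argv, honouring double quotes."""
    return [quoted if quoted else bare for quoted, bare in TOKEN_RE.findall(cmd)]


def assess_command(key: str, bad: str, good: str) -> Finding:
    """Decide whether 'bad' starts the browser named in 'good' or wraps it."""
    argv = tokenize_command(bad)
    good_argv = tokenize_command(good)
    launcher = argv[0] if argv else ""
    expected_exe = ntpath.basename(good_argv[0]).lower() if good_argv else ""
    real_target = next(
        (a for a in argv[1:] if ntpath.basename(a).lower() == expected_exe), None
    )
    wrapped = (
        bool(expected_exe)
        and ntpath.basename(launcher).lower() != expected_exe
        and real_target is not None
    )
    lower = launcher.lower()
    in_profile = "\\users\\" in lower or "\\appdata\\" in lower
    return Finding(key, launcher, expected_exe, real_target, wrapped, in_profile)


def pending_items(items: List[RegistryDataItem]) -> List[RegistryDataItem]:
    """Entries the scanner reported but has not yet quarantined."""
    return [i for i in items if i.action == "No action taken"]


if __name__ == "__main__":
    found = parse_registry_data_items(SAMPLE_LOG)
    still_pending = pending_items(found)
    for item in found:
        f = assess_command(item.key, item.bad, item.good)
        state = "PENDING" if item in still_pending else "removed"
        print(f"{state} {f.expected_exe:12} launcher={f.launcher} wrapped={f.wrapped}")
```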

  7. #7
    Member
    Join Date
    Sep 2008
    Posts
    33
    Points
    0


    Having trouble disabling Microsoft Essentials to run ComboFix.

#8 Net_Surfer, Member (joined May 2008; Paradise Ca.; 1,179 posts; 89 points; 4 blog entries)

    Hi jessicka

    Good Job!

After we run all of the fixing tools I will post instructions on how to get rid of all the bad files we quarantined. For now, just follow my steps.

I may not reply to you in the next few hours since I will be busy doing some work on my computer. Just be patient and execute all of my instructions step by step.

For Microsoft Essentials, just ignore the ComboFix prompt and proceed.

    Regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


"Obstacles are what you see when you take your eyes off your Goals"

Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

#9 Member (joined Sep 2008; 33 posts; 0 points)

    ComboFix 11-05-16.03 - Lightning 05/17/2011 3:08.1.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.9576 [GMT -5:00]
    Running from: c:\users\Lightning\Desktop\january 2011\feburary 2011\february 2 for 2011\februrary3\february 4\april\april 2\may 2011\may 2011 2\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-17 08:11 . 2011-05-17 08:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-17 08:07 . 2011-04-11 06:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25A82135-EEA3-4896-AB7D-00740F26C39D}\mpengine.dll
    2011-05-17 01:27 . 2011-05-17 01:27 -------- d-----w- c:\programdata\!SASCORE
    2011-05-17 01:27 . 2011-05-17 01:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-17 01:22 . 2011-05-17 01:22 -------- d-----w- c:\users\Lightning\AppData\Local\{964C58BF-EE0E-4E86-9517-1942E8A707CD}
    2011-05-17 01:15 . 2011-05-17 01:15 -------- d-----w- c:\users\Lightning\AppData\Local\PackageAware
    2011-05-16 12:51 . 2011-05-16 12:51 -------- d-----w- c:\users\Lightning\AppData\Local\{F146351D-C8DC-465C-904A-9EA7FB6C8A23}
    2011-05-16 01:00 . 2011-04-11 06:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-16 00:50 . 2011-05-16 00:50 -------- d-----w- c:\users\Lightning\AppData\Local\{C0989826-9AD3-4C90-97A0-BE36643F1E18}
    2011-05-15 03:47 . 2011-05-15 03:48 -------- d-----w- c:\users\Lightning\AppData\Local\{00CC8E63-95B5-4FC8-B72F-CAA9B37EFD80}
    2011-05-14 16:02 . 2011-05-14 16:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-14 15:47 . 2011-05-14 15:47 -------- d-----w- c:\users\Lightning\AppData\Local\{7815FD17-B795-4B84-8DAB-034AE8E2228E}
    2011-05-14 07:21 . 2011-05-14 07:21 -------- d-----w- c:\users\Lightning\AppData\Roaming\Nero
    2011-05-14 07:05 . 2011-05-14 07:05 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE311344-5B1E-4F76-BE84-AE8F15FE01D7}\gapaengine.dll
    2011-05-14 07:02 . 2011-05-14 07:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-05-14 07:02 . 2011-05-14 07:02 -------- d-----w- c:\program files\Microsoft Security Client
    2011-05-14 06:53 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-05-14 06:53 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2011-05-14 06:53 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2011-05-14 06:53 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-05-14 06:02 . 2011-05-14 06:02 -------- d-----w- c:\users\Lightning\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-14 06:02 . 2011-05-14 06:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-14 01:25 . 2011-05-14 01:25 -------- d-----w- c:\users\Lightning\AppData\Local\{EB59BDC3-E5A2-4C69-A290-2E8A5C60A12D}
    2011-05-13 06:36 . 2009-08-10 20:25 47104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
    2011-05-13 06:36 . 2010-03-23 21:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
    2011-05-13 06:35 . 2011-05-13 06:35 -------- d-----w- c:\users\Lightning\AppData\Roaming\InstallShield
    2011-05-13 04:34 . 2011-05-13 04:34 -------- d-----w- c:\users\Lightning\AppData\Local\{D1401615-D104-4686-8500-D7526A2EF9A2}
    2011-05-12 02:43 . 2011-05-12 03:13 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-05-12 01:38 . 2011-05-12 01:38 -------- d-----w- c:\users\Lightning\AppData\Local\{98685F47-9774-40AE-9B09-89EADCD50177}
    2011-05-11 13:37 . 2011-05-11 13:37 -------- d-----w- c:\users\Lightning\AppData\Local\{C0F245CD-19C4-4D29-A754-A6B715E3F5F2}
    2011-05-11 06:02 . 2011-05-11 06:02 -------- d-----w- c:\programdata\Nexon
    2011-05-11 05:38 . 2011-05-11 05:38 -------- d-----w- c:\program files (x86)\BandiMPEG1
    2011-05-11 05:37 . 2011-05-11 05:37 -------- d-----w- C:\Nexon
    2011-05-11 03:57 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 03:57 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-11 03:57 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-11 03:57 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:57 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:57 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:57 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:57 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 03:57 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:57 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 01:37 . 2011-05-11 01:37 -------- d-----w- c:\users\Lightning\AppData\Local\{FD4A67E6-B61B-46A9-8EF3-4EFB5F004F22}
    2011-05-10 13:06 . 2011-05-10 13:06 -------- d-----w- c:\users\Lightning\AppData\Local\{280571E9-9ECD-4423-B6F0-E9BE54272829}
    2011-05-10 01:06 . 2011-05-10 01:06 -------- d-----w- c:\users\Lightning\AppData\Local\{C1C28C9A-EA0A-4343-A21D-C02546CBAEE9}
    2011-05-09 13:05 . 2011-05-09 13:05 -------- d-----w- c:\users\Lightning\AppData\Local\{0B69591D-6BD5-4159-97EB-BBD92FAA8E83}
    2011-05-09 02:19 . 2011-05-09 02:19 -------- d-----w- c:\users\Lightning\AppData\Local\EA Games
    2011-05-09 02:18 . 2011-05-09 02:18 -------- d-----w- c:\programdata\Solidshield
    2011-05-09 01:05 . 2011-05-09 01:05 -------- d-----w- c:\users\Lightning\AppData\Local\{A6D5EA7E-38F7-46A9-9B79-61A2547C3E1D}
    2011-05-08 13:04 . 2011-05-08 13:04 -------- d-----w- c:\users\Lightning\AppData\Local\{6569ABCD-E164-457E-B1CB-8432873E5A93}
    2011-05-08 01:04 . 2011-05-08 01:04 -------- d-----w- c:\users\Lightning\AppData\Local\{E474F7C5-62FF-491B-B277-69958497D0E4}
    2011-05-07 10:53 . 2011-05-07 10:53 -------- d-----w- c:\users\Lightning\AppData\Local\{1328D4A2-8F59-4F9D-BEDA-1D73C9FE3170}
    2011-05-07 00:11 . 2011-05-07 00:11 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-05-07 00:11 . 2011-05-07 00:11 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-05-07 00:11 . 2011-05-07 00:11 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-05-07 00:11 . 2011-05-07 00:11 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-07 00:11 . 2011-05-07 00:11 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-05-07 00:11 . 2011-05-07 00:11 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-05-07 00:11 . 2011-05-07 00:11 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-05-07 00:11 . 2011-05-07 00:11 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-05-06 22:53 . 2011-05-06 22:53 -------- d-----w- c:\users\Lightning\AppData\Local\{048890CC-E1F1-4FD4-9FA4-A6CCFD11BCE3}
    2011-05-06 00:50 . 2011-05-06 00:53 -------- d-----w- c:\users\Lightning\AppData\Local\Divinity 2
    2011-05-06 00:50 . 2011-05-06 00:50 -------- d-----w- c:\programdata\Divinity 2
    2011-05-05 13:00 . 2011-05-05 13:00 -------- d-----w- c:\users\Lightning\AppData\Local\{04B597D4-AC5A-4922-8C7D-6474AA24908B}
    2011-05-05 01:00 . 2011-05-05 01:00 -------- d-----w- c:\users\Lightning\AppData\Local\{2B67864E-5159-4623-9850-28AC1672A706}
    2011-05-04 09:27 . 2011-05-04 09:27 -------- d-----w- c:\users\Lightning\AppData\Local\{0C5812C5-0D56-4E30-BF06-AA992E3E170F}
    2011-05-04 02:00 . 2011-05-04 02:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-05-04 01:57 . 2011-05-04 01:57 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2011-05-04 01:19 . 2011-05-04 01:19 -------- d-----w- c:\users\Lightning\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-05-03 21:26 . 2011-05-03 21:26 -------- d-----w- c:\users\Lightning\AppData\Local\{2DF28BF6-B273-47AE-96DA-E59A82721424}
    2011-05-03 08:12 . 2011-05-03 08:13 -------- d-----w- c:\users\Lightning\AppData\Local\{BD02BAB8-EC43-44B4-8CA4-50EFA18D372A}
    2011-05-03 04:13 . 2011-05-03 04:19 -------- d-----w- c:\program files\SHOUTcast
    2011-05-03 04:07 . 2011-05-03 04:07 -------- d-----w- c:\program files (x86)\Winamp Detect
    2011-05-03 04:06 . 2011-05-03 05:31 -------- d-----w- c:\users\Lightning\AppData\Roaming\Winamp
    2011-05-02 20:12 . 2011-05-02 20:12 -------- d-----w- c:\users\Lightning\AppData\Local\{A3C39FC0-293C-43B7-961E-26451EAE0AA8}
    2011-05-02 01:29 . 2011-05-02 01:30 -------- d-----w- c:\users\Lightning\AppData\Local\{CECF6CA5-5AA6-4848-A42F-82A532EA7553}
    2011-05-01 13:29 . 2011-05-01 13:29 -------- d-----w- c:\users\Lightning\AppData\Local\{5A7107D8-79CB-4EB8-B52D-D114D91E569E}
    2011-05-01 01:28 . 2011-05-01 01:28 -------- d-----w- c:\users\Lightning\AppData\Local\{39335EE8-53E8-41A0-8E99-0E22DD2B4334}
    2011-04-30 04:46 . 2011-04-30 04:46 -------- d-----w- c:\users\Lightning\AppData\Local\{E5EB5DE2-978F-4FD5-81DE-59DEC91AFB8B}
    2011-04-29 16:46 . 2011-04-29 16:46 -------- d-----w- c:\users\Lightning\AppData\Local\{DACB9D7C-D2E4-439C-9412-258EC9DED0E2}
    2011-04-29 00:52 . 2011-04-29 00:52 -------- d-----w- c:\users\Lightning\AppData\Local\{F37B79EA-350C-4044-87B3-761C501EF63A}
    2011-04-28 12:11 . 2011-04-28 12:11 -------- d-----w- c:\users\Lightning\AppData\Local\{BF5DC06D-695D-4695-A4F0-BD9685285D0A}
    2011-04-28 00:11 . 2011-04-28 00:11 -------- d-----w- c:\users\Lightning\AppData\Local\{5F643AD1-C3B1-4FF2-8572-5B68523620FD}
    2011-04-27 12:10 . 2011-04-27 12:10 -------- d-----w- c:\users\Lightning\AppData\Local\{ADF3EA79-35EE-470F-8E18-1CEEE0BAD50E}
    2011-04-27 00:10 . 2011-04-27 00:10 -------- d-----w- c:\users\Lightning\AppData\Local\{92E39BF9-589F-4E94-849A-3E661D9E0EB5}
    2011-04-25 20:12 . 2011-04-25 20:12 -------- d-----w- c:\users\Lightning\AppData\Local\{CA042D94-6831-4D54-9B3A-E0488F4AB379}
    2011-04-25 02:43 . 2011-04-25 02:43 -------- d-----w- c:\users\Lightning\AppData\Local\{13B17C66-00CB-4052-8038-CE05292F3412}
    2011-04-24 14:43 . 2011-04-24 14:43 -------- d-----w- c:\users\Lightning\AppData\Local\{A017B5A3-97EB-4A11-85C2-877CA4EE0564}
    2011-04-24 02:42 . 2011-04-24 02:42 -------- d-----w- c:\users\Lightning\AppData\Local\{1BE9E880-FD15-4ECE-B74F-03CDED0BBAEB}
    2011-04-23 13:37 . 2011-04-23 13:37 -------- d-----w- c:\users\Lightning\AppData\Local\{66B6A900-3768-4D48-90BD-7038B8682E06}
    2011-04-23 01:37 . 2011-04-23 01:37 -------- d-----w- c:\users\Lightning\AppData\Local\{A13526FF-BCAF-46CB-8944-069CA18060EC}
    2011-04-22 13:36 . 2011-04-22 13:37 -------- d-----w- c:\users\Lightning\AppData\Local\{ABA956F4-2845-4B09-A6EE-79DA5E42E1ED}
    2011-04-22 01:36 . 2011-04-22 01:36 -------- d-----w- c:\users\Lightning\AppData\Local\{347B6777-2ADD-4BAE-8D0D-D83C31DCD006}
    2011-04-21 13:35 . 2011-04-21 13:36 -------- d-----w- c:\users\Lightning\AppData\Local\{EE359068-A45D-4971-A2B9-15CDDBC515DA}
    2011-04-21 01:35 . 2011-04-21 01:35 -------- d-----w- c:\users\Lightning\AppData\Local\{55B3FDDF-D949-40D1-A10B-660F63697845}
    2011-04-20 13:10 . 2011-04-20 13:10 -------- d-----w- c:\users\Lightning\AppData\Local\{917068A6-A73B-4331-AE85-EAB5925DDE1D}
    2011-04-20 01:10 . 2011-04-20 01:10 -------- d-----w- c:\users\Lightning\AppData\Local\{51D0A32C-D302-4279-8BDA-CFEB746E2B86}
    2011-04-18 23:55 . 2011-04-18 23:55 -------- d-----w- c:\users\Lightning\AppData\Local\{755790DC-128B-4B09-9A52-96DF9548ECE6}
    2011-04-18 02:11 . 2011-04-18 02:11 -------- d-----w- c:\users\Lightning\AppData\Local\{3CDB9AD9-8EDC-4FE4-AA02-3CEC172505D8}
    2011-04-17 13:26 . 2011-04-17 13:26 -------- d-----w- c:\users\Lightning\AppData\Local\{38FCD8AF-A40D-47C4-9215-2FDDBBFB87DC}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 01:02 . 2010-09-28 21:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-14 01:01 . 2010-09-28 21:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
    2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2011-04-08 11:28 . 2011-04-08 11:28 27536 ----a-w- c:\windows\system32\xfcodec64.dll
    2011-04-08 06:17 . 2010-09-07 03:02 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-05 23:09 . 2011-04-05 23:09 1196544 ----a-w- c:\windows\SysWow64\VSFilter.dll
    2011-04-01 04:27 . 2011-04-01 04:27 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
    2011-03-29 07:33 . 2011-03-29 07:33 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-03-28 22:13 . 2011-03-28 22:13 3220992 ----a-w- c:\windows\SysWow64\x264vfw.dll
    2011-03-21 14:58 . 2011-03-21 14:58 152064 ----a-w- c:\windows\SysWow64\xvid.ax
    2011-03-20 18:38 . 2011-03-20 18:38 344064 ----a-w- c:\windows\SysWow64\AACACM.acm
    2011-03-20 02:00 . 2011-03-20 02:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2011-03-19 16:06 . 2011-03-19 16:06 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-03-19 16:04 . 2011-03-19 16:04 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-03-11 06:19 . 2011-04-15 01:17 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:19 . 2011-04-15 01:17 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:40 . 2011-04-15 01:17 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-15 01:17 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-09 00:52 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-08 06:14 . 2011-04-15 01:16 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-15 01:16 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-05 17:47 . 2011-03-05 17:47 122368 ----a-w- c:\windows\SysWow64\lagarith.dll
    2011-03-04 06:17 . 2011-04-27 22:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17 . 2011-04-27 22:13 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17 . 2011-04-15 01:16 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:14 . 2011-04-15 01:16 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:27 . 2011-04-15 01:16 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58 . 2011-04-15 01:17 3133440 ----a-w- c:\windows\system32\win32k.sys
    2011-02-28 13:09 . 2011-04-01 05:24 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2011-02-24 06:30 . 2011-04-15 01:17 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 06:29 . 2011-04-15 01:18 1197056 ----a-w- c:\windows\system32\wininet.dll
    2011-02-24 06:24 . 2011-04-15 01:18 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-24 05:32 . 2011-04-15 01:17 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32 . 2011-04-15 01:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-02-24 05:30 . 2011-04-15 01:18 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-02-24 05:05 . 2011-04-15 01:18 482816 ----a-w- c:\windows\system32\html.iec
    2011-02-24 04:24 . 2011-04-15 01:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-24 04:23 . 2011-04-15 01:18 386048 ----a-w- c:\windows\SysWow64\html.iec
    2011-02-24 03:50 . 2011-04-15 01:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-02-23 05:16 . 2011-04-15 01:17 461312 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 05:16 . 2011-04-15 01:17 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 05:15 . 2011-04-15 01:17 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 05:15 . 2011-04-15 01:16 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 05:15 . 2011-04-15 01:16 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 05:15 . 2011-04-15 01:16 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 05:15 . 2011-04-15 01:16 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-19 06:37 . 2011-03-09 00:50 1135104 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:37 . 2011-03-09 00:50 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:36 . 2011-03-09 00:50 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:36 . 2011-04-15 01:17 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 05:32 . 2011-03-09 00:50 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 05:32 . 2011-03-09 00:50 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-19 05:32 . 2011-04-15 01:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-02-19 04:13 . 2011-04-15 01:17 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-19 03:37 . 2011-04-15 01:17 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-02-18 06:37 . 2011-04-15 01:17 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-18 05:36 . 2011-04-15 01:17 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-28 2969496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-07-27 24064]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe" [2010-12-30 957840]
    "FILE NAME"="c:\program files (x86)\Razer\Nostromo\t2Hid.exe" [2011-01-21 261632]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-02-19 248320]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AWMouseCI.lnk - c:\program files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe [2009-6-25 831488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-29 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-29 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
    R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-09 1038088]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/04/29 15:18];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
    S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-01-20 14648]
    S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
    S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
    S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [x]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
    S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
    S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [x]
    S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913879750-799272578-3925377319-1000Core.job
    - c:\users\Lightning\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 15:00]
    .
    2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913879750-799272578-3925377319-1000UA.job
    - c:\users\Lightning\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 15:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-01-20 61256]
    "Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-01-20 167736]
    "Launch Keyboard CI"="c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" [2009-05-28 3438088]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.alienware.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\qzht8ukb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-(Default) - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-913879750-799272578-3925377319-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:77,11,3a,26,a5,8d,1f,45,ad,a6,6a,bc,e9,a5,e0,fc,77,b3,fe,72,00,0a,e1,
    3c,96,85,c8,78,cf,66,99,db,7d,9c,10,55,75,55,7f,17,4e,98,9d,42,91,3b,02,2b,\
    "??"=hex:03,11,a2,71,6c,76,d7,e6,15,a8,00,73,95,ee,13,c6
    .
    [HKEY_USERS\S-1-5-21-913879750-799272578-3925377319-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,88,9c,1d,60,cd,16,9d,e0,d2,bf,39,6b,83,2d,25,d0,a6,d0,c4,66,
    d3,12,ec,af,6f,0f,f8,0c,13,5e,29,b6,c5,41,aa,53,fe,94,9d,27,9a,da,01,90,7a,\
    "rkeysecu"=hex:63,16,e9,5a,3c,29,18,d7,e5,08,2c,c8,c4,91,59,28
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-17 03:13:02
    ComboFix-quarantined-files.txt 2011-05-17 08:13
    .
    Pre-Run: 1,566,160,035,840 bytes free
    Post-Run: 1,566,759,096,320 bytes free
    .
    - - End Of File - - FE6B1C6A80C60D0DD23A365BF1E5599A

  10. #10
    Net_Surfer (Member; Join Date: May 2008; Location: Paradise Ca.; Posts: 1,179; Points: 89; Blog Entries: 4)

    Hi Jessicka

    How is your computer acting now?
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of the BleepingComputer Malware Removal Training Program. You too could train to help others!
