#1 - Member (joined Jul 2010, 47 posts)

    Having trouble...

    I was having trouble several days ago when I would click on website links and then be re-routed to different sites, so I suspected spyware or malware. I then ran SUPERAntiSpyware and Malwarebytes, which found and fixed some problems. I still found the same re-routing problem, though, so yesterday I ran them again. Afterwards I ran and posted a HijackThis log to the detective, which tells me it doesn't have access to my hosts file, and that I need to re-boot in safe mode and put checkmarks next to two items and fix them. I have rebooted in safe mode and re-ran HijackThis, but the two items they mention do not show up for me to put a check mark next to them (O2-BHO: HelloWorldBHO..., and O4 HKCU...wbsbpomsika.exe or something like that). I also found I could not find my hosts file, even when telling Windows to show hidden files, so I tried to create a new one.

    I'd love help on what to do next.

    Thank you for your time!

    SuperAntiSpyware log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/08/2012 at 07:50 PM

    Application Version : 5.0.1144

    Core Rules Database Version : 8308
    Trace Rules Database Version: 6120

    Scan type : Complete Scan
    Total Scan Time : 01:53:27

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned : 600
    Memory threats detected : 0
    Registry items scanned : 67112
    Registry threats detected : 0
    File items scanned : 123931
    File threats detected : 38

    Adware.Tracking Cookie
    secure-us.imrworldwide.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VD8MY8QN ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    bzstats.strayer.de [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    bigentertainmentfinder.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    bridge2.admarketplace.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .admarketplace.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    lm.logicalmedia.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    lm.logicalmedia.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    sales.liveperson.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    click.get-answers-fast.com [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]
    .in2m.122.2o7.net [ C:\USERS\CUSSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3W171XM.DEFAULT\COOKIES.SQLITE ]

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.60.1.1000
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.03.06.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Cusson :: SHALOSH [administrator]

    3/8/2012 11:34:59 PM
    mbam-log-2012-03-08 (23-34-59).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 738048
    Time elapsed: 2 hour(s), 11 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:46:35 PM, on 3/9/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16930)
    Boot mode: Safe mode

    Running processes:
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 67.215.245.19 Google Analytics | Official Website.
    O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    O1 - Hosts: 67.215.245.19 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O1 - Hosts: 108.163.215.51 Google Analytics | Official Website.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Cusson\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [MediaGet2] C:\Users\Cusson\AppData\Local\MediaGet2\mediaget.exe --minimized
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Cusson\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [SMD] "C:\ProgramData\14525a\StrongMD.exe" /s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cusson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CrypKey License - Unknown owner - C:\Windows\system32\crypserv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
    O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Safe Eyes Update Service (seUpdateSvc) - InternetSafety.com, Inc. - C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15289 bytes
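
A way to turn a log like the HijackThis one above into a short list of things to verify, added here as an example; it is not code from HijackThis, SUPERAntiSpyware, Malwarebytes or anyone in this thread. It parses HijackThis-format lines and flags three things: O1 hosts entries that point a name at a non-loopback address, which is what the O1 lines in the log do for several analytics and ad domains (all pointed at 67.215.245.19 and 108.163.215.51); O4 autoruns launched from ProgramData, AppData or Temp, with a stronger flag when the parent folder has a random-looking name such as `14525a` in the `[SMD]` line; and O10 Winsock LSP entries that HijackThis could not identify. The sample log is constructed from lines of the posted log, except that the O1 hostnames are stand-ins because the forum software replaced the real ones with link titles. The heuristics and thresholds are mine and produce leads to check (publisher, file properties, hash), not verdicts.

```python
"""Triage helper for HijackThis-format logs (added example, not part of
HijackThis, SUPERAntiSpyware or Malwarebytes). It reads O1 hosts entries,
O4 autoruns and O10 Winsock LSP entries and emits leads to verify by hand."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: O2/O4/O10 lines copied from the posted log, O1 lines
# with stand-in hostnames (the forum replaced the real ones with link titles).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net
O1 - Hosts: 67.215.245.19 stats.example-tracker.net
O1 - Hosts: 127.0.0.1 ads.example.com
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Cusson\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [SMD] "C:\ProgramData\14525a\StrongMD.exe" /s
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
"""


@dataclass
class Finding:
    section: str  # HijackThis section: O1, O4 or O10
    level: str    # "check" = verify before acting, "note" = context only
    detail: str


O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(Run(?:Once)?): \[([^\]]*)\] (.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")

# Folders any user (and therefore any malware running as that user) can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def is_loopback(ip_text: str) -> bool:
    """True for 127.0.0.0/8 and ::1; anything else in hosts is a real redirect."""
    try:
        return ip_address(ip_text).is_loopback
    except ValueError:
        return False


def looks_random(name: str) -> bool:
    """Heuristic: short alphanumeric folder name that is at least half digits."""
    if not (4 <= len(name) <= 12 and name.isalnum()):
        return False
    return sum(c.isdigit() for c in name) / len(name) >= 0.5


def exe_path(command: str) -> str:
    """Pull the executable out of a Run value, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    targets: Counter[str] = Counter()  # non-loopback hosts targets, to spot hubs
    seen_lsp: set[str] = set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            if not is_loopback(ip):
                targets[ip] += 1
                findings.append(Finding("O1", "check", f"hosts maps {host} to non-loopback {ip}"))
        elif m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            path = exe_path(command)
            if any(marker in path.lower() for marker in USER_WRITABLE):
                parts = path.replace("/", "\\").split("\\")
                parent = parts[-2] if len(parts) >= 2 else ""
                level = "check" if looks_random(parent) else "note"
                findings.append(Finding("O4", level, f"{hive}\\{key} [{name}] runs from user-writable path {path}"))
        elif m := O10_RE.match(line):
            dll = m.group(1).strip().lower()
            if dll not in seen_lsp:  # HJT repeats one LSP DLL per protocol entry
                seen_lsp.add(dll)
                findings.append(Finding("O10", "check", f"Winsock LSP {dll}: confirm publisher before touching it"))
    for ip, n in targets.items():
        if n > 1:
            findings.append(Finding("O1", "note", f"{n} hostnames share target {ip} (redirect hub)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.level:<6}{f.detail}")
```

Two caveats a helper would add. The hosts file Windows actually uses lives at %SystemRoot%\System32\drivers\etc\hosts unless the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters points somewhere else, so a HijackThis log full of O1 entries from a machine where the file cannot be found in Explorer is worth a look at that value. And an O10 hit is a lead, not a removal target: the flagged icf.dll name lines up with the "Internet Content Filter" (Safe Eyes) entries elsewhere in the same log, and deleting a legitimate LSP can break networking entirely, so confirm the file's publisher first.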

#2 - zep516, Spyware Fighter (Pittsburgh, Pa; joined Dec 2005, 7,158 posts)

    Hi cyndyinohio,

    I see that you're waiting. Our spyware expert comes on a bit later and he will get to you asap. In the meantime, could you please follow the directions below. This will give him a better understanding of what's taking place on the computer. He will also instruct you to run other scans.

    Download DDS from the link here: http://download.bleepingcomputer.com/sUBs/dds.scr
    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS, then please allow it to run.
    * When finished, DDS will open two (2) logs:

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please include the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log, by copying and pasting it into the reply.

    Joe

#3 - Member (joined Jul 2010, 47 posts)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Cusson at 23:09:21 on 2012-03-09
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.5721 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\crypserv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Windows\SysWOW64\svchost.exe -k LexPrintListener
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\lxeccoms.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\vmsnap3.exe
    C:\Windows\Domino.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Cusson\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Cusson\AppData\Local\MediaGet2\mediaget.exe
    C:\Users\Cusson\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Cusson\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\RescueTime\RescueTime.exe
    C:\Users\Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AirPort\APAgent.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.orbitdownloader.com
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
    mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [Google Update] "C:\Users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AdobeBridge]
    uRun: [Akamai NetSession Interface] "C:\Users\Cusson\AppData\Local\Akamai\netsession_win.exe"
    uRun: [MediaGet2] C:\Users\Cusson\AppData\Local\MediaGet2\mediaget.exe --minimized
    uRun: [Spotify] "C:\Users\Cusson\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [SMD] "C:\ProgramData\14525a\StrongMD.exe" /s
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
    mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Cusson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Cusson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Free YouTube to Mp3 Converter - C:\Users\Cusson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    LSP: C:\Windows\System32\icf.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{67AF16DC-7C3A-4E39-8C34-7F3509EC573F} : DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{67AF16DC-7C3A-4E39-8C34-7F3509EC573F}\2456C6B696E6E253339324 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{67AF16DC-7C3A-4E39-8C34-7F3509EC573F}\55E616671696C61626C656 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{67AF16DC-7C3A-4E39-8C34-7F3509EC573F}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{6B68FADE-3D37-4ACA-95BA-30F9E74016E1} : DhcpNameServer = 10.0.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    BHO-X64: DVDVideoSoftTB - No File
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB-X64: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    TB-X64: Safe &Eyes Toolbar: {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
    mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    Hosts: 67.215.245.19 Google Analytics | Official Website.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    Hosts: 67.215.245.19 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    Hosts: 108.163.215.51 Google Analytics | Official Website.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2|Welcome to Facebook - Log In, Sign Up or Learn More
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Cusson\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Cusson\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
    FF - plugin: C:\Users\Cusson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Cusson\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: C:\Users\Cusson\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Cusson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Cusson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-12-20 401920]
    R2 LexPrintListener;LexPrint Listener;C:\Windows\system32\svchost.exe -k LexPrintListener [2009-7-13 20992]
    R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
    R2 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2011-11-19 234496]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2010-4-14 45736]
    S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
    S3 SIVDRIVER;SIV Kernel Driver;\??\C:\Windows\system32\Drivers\SIVX64.sys --> C:\Windows\system32\Drivers\SIVX64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys --> C:\Windows\system32\drivers\vvftav303.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);C:\Windows\system32\Drivers\usbVM303.sys --> C:\Windows\system32\Drivers\usbVM303.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== Created Last 30 ================
    .
    2012-03-09 13:59:47 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FBCD96C-F340-4434-B48A-4AA718A694CD}\mpengine.dll
    2012-03-08 01:46:55 -------- d-----w- C:\Program Files (x86)\BZFlag2.4.0_32Bit
    2012-03-01 20:05:59 -------- d-----w- C:\Users\Cusson\AppData\Roaming\SpellQuizzer
    2012-03-01 20:05:32 608448 ----a-w- C:\Windows\SysWow64\ComCtl32.ocx
    2012-03-01 20:05:32 198848 ----a-w- C:\Windows\SysWow64\MCI32.OCX
    2012-03-01 20:05:32 1623984 ----a-w- C:\Windows\SysWow64\Codejock.Controls.v12.0.0.ocx
    2012-03-01 20:05:32 152848 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
    2012-03-01 20:05:32 141072 ----a-w- C:\Windows\SysWow64\XZip.dll
    2012-03-01 20:05:23 -------- d-----w- C:\Program Files (x86)\SpellQuizzer
    2012-02-25 12:10:50 -------- d-sh--w- C:\ProgramData\SMHSUUGLD
    2012-02-25 12:10:00 -------- d-sh--w- C:\ProgramData\14525a
    2012-02-24 21:54:39 -------- d-----w- C:\Users\Cusson\AppData\Local\Conduit
    2012-02-21 18:47:04 -------- d-----w- C:\ProgramData\Broderbund
    2012-02-21 18:45:18 274432 ----a-w- C:\Windows\TLCUninstall.exe
    2012-02-21 18:45:09 -------- d-----w- C:\Program Files (x86)\Broderbund
    2012-02-15 23:04:13 -------- d-----w- C:\Users\Cusson\AppData\Local\GameMaker8.1
    2012-02-15 23:04:06 -------- d-----w- C:\Users\Cusson\AppData\Local\YoYo_Games_Ltd
    2012-02-15 23:03:45 -------- d-----w- C:\Users\Cusson\AppData\Roaming\GameMaker
    2012-02-11 14:12:42 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D3CB82C-F07C-4777-B31A-BEA8058B68F0}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-27 00:00:33 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
    2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
    2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 23:09:59.89 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/20/2010 11:35:04 AM
    System Uptime: 3/9/2012 12:48:11 PM (11 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Eureka3
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 687 GiB total, 371.013 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.161 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP854: 2/29/2012 10:23:59 AM - Windows Update
    RP855: 3/2/2012 9:14:10 AM - Windows Update
    RP856: 3/3/2012 6:02:51 PM - Windows Update
    RP857: 3/5/2012 8:18:24 AM - Windows Update
    RP858: 3/6/2012 8:36:31 AM - Windows Update
    RP859: 3/7/2012 2:30:43 PM - Windows Update
    RP860: 3/9/2012 8:58:29 AM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 67.215.245.19 Google Analytics | Official Website.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    Hosts: 67.215.245.19 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    Hosts: 108.163.215.51 Google Analytics | Official Website.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    .
    ==== Installed Programs ======================
    .
    2010 Bible Bee Sword Drill
    aaa
    ABBYY FineReader 6.0 Sprint
    AccuChef
    AceReader Pro Deluxe
    Acrobat.com
    Activate Norton Online Backup
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9.4.4
    AirPort
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Amazon Games & Software Downloader
    Amazon Kindle
    Amazon MP3 Downloader 1.0.10
    Android SDK Tools
    Apple Application Support
    Apple Software Update
    appMobi XDK
    Ask Toolbar
    Audacity 1.2.6
    Barnes & Noble Desktop Reader
    Big Kahuna Reef
    BigOven
    BookSmart® 2.9.4 2.9.4
    BZFlag 2.4.0 32Bit (remove only)
    BZFlag 2.4.0 64Bit (remove only)
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    corefx
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    DHTML Editing Component
    DirectX for Managed Code Update (Summer 2004)
    Dropbox
    DVDVideoSoft Toolbar
    DVDVideoSoftTB Toolbar
    Elements 9 Organizer
    Elements STI Installer
    Evernote v. 4.3.1
    Facebook Plug-In
    Free Audio CD Burner version 1.4.7
    Free YouTube to MP3 Converter version 3.9.35.324
    Freemake Video Converter version 2.0.0
    Funnix Reading 1-40
    Funnix Reading 41-120
    GameMaker 8.1
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    GoToMeeting 4.5.0.457
    GP4 Web Conferencing
    HiJackThis
    Homepage Protection
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    Hoyle Card Games 2005
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    Hulu Desktop
    IKEA Home Planner
    IncrediMail
    IncrediMail 2.0
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 26
    JellyCar 1.1.1
    LabelPrint
    LAME v3.98.2 for Audacity
    LastPass (uninstall only)
    LeapFrog Connect
    LeapFrog Crammer Plugin
    LeapFrog Didj Plugin
    LEGO Star Wars II
    LEGO Universe
    Lexmark Printable Web
    LightScribe System Software
    Liquid War 6 0.0.11beta
    M.A.R.S. - a ridiculous shooter (remove only)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Math 3 Teaching Textbook
    Math 4 Teaching Textbook
    Math 5 Teaching Textbook
    Mavis Beacon Teaches Typing 16
    McAfee Clean Up Tool
    MediaGet2 version 2.1.494.0
    MediaGet2 version 2.1.890.0
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Blend SDK for Windows Phone 7
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight Tools for Visual Studio 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual Basic 2008 Step by Step
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 Express for Windows Phone - ENU
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows Phone 7 Developer Resources
    Microsoft Windows Phone Developer Tools - ENU
    Microsoft Works
    Microsoft XNA Framework Redistributable 2.0
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Game Studio 4.0
    Microsoft XNA Game Studio 4.0 (ARP entry)
    Microsoft XNA Game Studio 4.0 (Redists)
    Microsoft XNA Game Studio 4.0 (Shared Components)
    Microsoft XNA Game Studio 4.0 (Visual Studio)
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Documentation
    Microsoft XNA Game Studio 4.0 Windows Phone Extensions
    Microsoft XNA Game Studio Platform Tools
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Millie's Math House (Remove only)
    Millie and Bailey Preschool
    Miro Video Converter
    MonkeyJam 3_050529
    Mozilla Firefox 5.0 (x86 en-US)
    mpixpro ROES
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nikon Message Center 2
    Number Drill 1.2
    OpenAL
    OpenOffice.org 3.1
    OverDrive Media Console
    Paintball2 Alpha build 32
    PDF Settings CS5
    Photo Notifier and Animation Creator
    PhotoMail Maker
    Picasa 3
    Picture Control Utility
    PictureMover
    Power2Go
    PowerDirector
    PowerRecover
    QuickTime
    Reader Rabbit Preschool(R) Sparkle Star Rescue!(TM)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RescueTime 2.4.0
    Safari
    Safe Eyes
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
    Seesmic Desktop
    Showit
    Skype™ 5.0
    SpellQuizzer 1.4.2
    Spotify
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Stop Motion Animation Companion CD 1.2
    TaxACT 2010
    TaxACT 2011 - 1040 Edition
    TeamSpeak 3 Client
    Turbo Lister 2
    Uninstall 1.0.0.1
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    USB PC Camera (Vimicro301 Neptune)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
    VideoPad Video Editor
    ViewNX 2
    Warzone 2100
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Windows Phone 7 Add-in for Visual Studio 2010 - ENU
    WinZip 14.5
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    Zoodles
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 12:49:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    3/9/2012 12:49:08 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/9/2012 12:48:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService service to connect.
    3/9/2012 12:48:34 PM, Error: Service Control Manager [7000] - The lxecCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/9/2012 12:46:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/9/2012 12:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/9/2012 12:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/9/2012 12:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/9/2012 12:46:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/9/2012 12:46:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/9/2012 12:46:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache MpFilter NetBIOS NetBT NetworkX nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vmm vwififlt Wanarpv6 WfpLwf ws2ifsl
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2012 12:46:01 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2012 12:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/9/2012 12:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/8/2012 8:37:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    3/7/2012 7:06:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/7/2012 2:22:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/7/2012 2:21:35 PM, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    3/6/2012 8:18:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/6/2012 7:18:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/5/2012 9:13:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/5/2012 8:08:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/2/2012 9:03:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/2/2012 5:08:33 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    .
    ==== End Of File ===========================

  5. #4
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    Thank you for the help, Joe!

  6. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello cyndyinohio,
    • Welcome to Help2Go.
    • My name is fireman4it and I will be helping you with your Malware problem.


    Please take note of some guidelines for this fix:
    • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".

    • Finally, please reply using the Submit Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
    • I will be analyzing your log. I will get back to you with instructions.


    Joe has got us started on the right track. We still need a little more information, as I feel we could be dealing with a new type of malware here. Don't worry; just because it may be new doesn't mean we can't get rid of it. It just means I want to know what we are dealing with before we start.


    1.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    2.
    Please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #6
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-10 14:03:06
    -----------------------------
    14:03:06.999 OS Version: Windows x64 6.1.7600
    14:03:06.999 Number of processors: 4 586 0x170A
    14:03:07.000 ComputerName: SHALOSH UserName: Cusson
    14:03:09.201 Initialize success
    14:04:59.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:04:59.149 Disk 0 Vendor: ST3750528AS HP22 Size: 715404MB BusType: 3
    14:04:59.160 Disk 0 MBR read successfully
    14:04:59.161 Disk 0 MBR scan
    14:04:59.163 Disk 0 unknown MBR code
    14:04:59.166 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90 MB offset 2048
    14:04:59.177 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703173 MB offset 192780
    14:04:59.206 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12133 MB offset 1440292864
    14:04:59.247 Disk 0 scanning C:\Windows\system32\drivers
    14:05:05.454 Service scanning
    14:05:10.492 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    14:05:16.569 Modules scanning
    14:05:16.576 Disk 0 trace - called modules:
    14:05:16.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:05:16.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bd060]
    14:05:16.916 3 CLASSPNP.SYS[fffff880018ed43f] -> nt!IofCallDriver -> [0xfffffa80071c9e40]
    14:05:16.920 5 ACPI.sys[fffff88000f0e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80071ce060]
    14:05:16.925 Scan finished successfully
    14:05:28.011 Disk 0 MBR has been saved successfully to "C:\Users\Cusson\Desktop\MBR.dat"
    14:05:28.086 The log file has been saved successfully to "C:\Users\Cusson\Desktop\aswMBR.txt"


    ListParts by Farbar Version: 06-03-2012 01
    Ran by Cusson (administrator) on 10-03-2012 at 14:08:12
    Windows 7 (X64)
    Running From: C:\Users\Cusson\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 33%
    Total physical RAM: 8157.18 MB
    Available physical RAM: 5444.85 MB
    Total Pagefile: 16312.5 MB
    Available Pagefile: 13333 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:686.69 GB) (Free:369.76 GB) NTFS
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.85 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Math5-2) (CDROM) (Total:0.92 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 5120 KB
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 90 MB 1024 KB
    Partition 2 Primary 686 GB 94 MB
    Partition 3 Primary 11 GB 686 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM NTFS Partition 90 MB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C HP NTFS Partition 686 GB Healthy Boot

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy

    ======================================================================================================

    ****** End Of Log ******

  8. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Please do the following:


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your machine running now?




  9. #8
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    TDSS did not find anything, so there is no log for that.

    I will have to surf the web a bit to see if clicking on links results in redirecting again and let you know.

    Combofix log:

    ComboFix 12-03-10.02 - Cusson 03/10/2012 22:23:15.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.5723 [GMT -5:00]
    Running from: c:\users\Cusson\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Dealio Toolbar
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RadioWidget.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\facebook.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\googleplus.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\radio-close.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\radio-minimize.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\radiobeta.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-wmrk-baidu.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-wmrk-yahoo.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-wmrk-yandex.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_baidu.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yandex.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\splitter.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\twitter.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
    c:\program files (x86)\Dealio Toolbar\FF\install.rdf
    c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
    c:\program files (x86)\Dealio Toolbar\Res\apple.gif
    c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
    c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
    c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
    c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
    c:\program files (x86)\Dealio Toolbar\Res\facebook.gif
    c:\program files (x86)\Dealio Toolbar\Res\googleplus.gif
    c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
    c:\program files (x86)\Dealio Toolbar\Res\macys.gif
    c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
    c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
    c:\program files (x86)\Dealio Toolbar\Res\radio-close.gif
    c:\program files (x86)\Dealio Toolbar\Res\radio-minimize.gif
    c:\program files (x86)\Dealio Toolbar\Res\radiobeta.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_baidu.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_yandex.gif
    c:\program files (x86)\Dealio Toolbar\Res\target.gif
    c:\program files (x86)\Dealio Toolbar\Res\twitter.gif
    c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
    c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\programdata\boost_interprocess\20120217083239.109999
    c:\programdata\SPL1956.tmp
    c:\programdata\SPLA431.tmp
    c:\programdata\SPLB0CE.tmp
    c:\programdata\SPLDDF1.tmp
    c:\programdata\SPLED4E.tmp
    c:\users\Cusson\AppData\Local\assembly\tmp
    c:\users\Cusson\AppData\Roaming\.#
    c:\users\Cusson\AppData\Roaming\1039.bat
    c:\users\Cusson\AppData\Roaming\1110.bat
    c:\users\Cusson\AppData\Roaming\1186.bat
    c:\users\Cusson\AppData\Roaming\1374.bat
    c:\users\Cusson\AppData\Roaming\1507.bat
    c:\users\Cusson\AppData\Roaming\1509.bat
    c:\users\Cusson\AppData\Roaming\1612.bat
    c:\users\Cusson\AppData\Roaming\1812.bat
    c:\users\Cusson\AppData\Roaming\1937.bat
    c:\users\Cusson\AppData\Roaming\1979.bat
    c:\users\Cusson\AppData\Roaming\2042.bat
    c:\users\Cusson\AppData\Roaming\2518.bat
    c:\users\Cusson\AppData\Roaming\2712.bat
    c:\users\Cusson\AppData\Roaming\2805.bat
    c:\users\Cusson\AppData\Roaming\2927.bat
    c:\users\Cusson\AppData\Roaming\3020.bat
    c:\users\Cusson\AppData\Roaming\3149.bat
    c:\users\Cusson\AppData\Roaming\3981.bat
    c:\users\Cusson\AppData\Roaming\4308.bat
    c:\users\Cusson\AppData\Roaming\4552.bat
    c:\users\Cusson\AppData\Roaming\4712.bat
    c:\users\Cusson\AppData\Roaming\4717.bat
    c:\users\Cusson\AppData\Roaming\5167.bat
    c:\users\Cusson\AppData\Roaming\5555.bat
    c:\users\Cusson\AppData\Roaming\5665.bat
    c:\users\Cusson\AppData\Roaming\57.bat
    c:\users\Cusson\AppData\Roaming\5728.bat
    c:\users\Cusson\AppData\Roaming\5898.bat
    c:\users\Cusson\AppData\Roaming\6475.bat
    c:\users\Cusson\AppData\Roaming\6582.bat
    c:\users\Cusson\AppData\Roaming\6838.bat
    c:\users\Cusson\AppData\Roaming\6883.bat
    c:\users\Cusson\AppData\Roaming\7383.bat
    c:\users\Cusson\AppData\Roaming\7406.bat
    c:\users\Cusson\AppData\Roaming\746.bat
    c:\users\Cusson\AppData\Roaming\7505.bat
    c:\users\Cusson\AppData\Roaming\775.bat
    c:\users\Cusson\AppData\Roaming\7886.bat
    c:\users\Cusson\AppData\Roaming\8101.bat
    c:\users\Cusson\AppData\Roaming\8645.bat
    c:\users\Cusson\AppData\Roaming\9532.bat
    c:\users\Cusson\AppData\Roaming\9547.bat
    c:\users\Cusson\AppData\Roaming\97.bat
    c:\users\Cusson\AppData\Roaming\9945.bat
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\users\Cusson\g2mdlhlpx.exe
    c:\users\Default\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 03:30 . 2012-03-11 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-10 23:25 . 2012-03-10 23:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D44337F-98C7-4334-8A47-CD40EA1EB9F6}\offreg.dll
    2012-03-10 23:25 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D44337F-98C7-4334-8A47-CD40EA1EB9F6}\mpengine.dll
    2012-03-08 01:46 . 2012-03-08 01:47 -------- d-----w- c:\program files (x86)\BZFlag2.4.0_32Bit
    2012-03-01 20:05 . 2012-03-01 21:09 -------- d-----w- c:\users\Cusson\AppData\Roaming\SpellQuizzer
    2012-03-01 20:05 . 2008-04-28 23:35 1623984 ----a-w- c:\windows\SysWow64\Codejock.Controls.v12.0.0.ocx
    2012-03-01 20:05 . 2004-07-28 03:08 141072 ----a-w- c:\windows\SysWow64\XZip.dll
    2012-03-01 20:05 . 2004-03-09 05:00 152848 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
    2012-03-01 20:05 . 2000-05-22 16:58 608448 ----a-w- c:\windows\SysWow64\ComCtl32.ocx
    2012-03-01 20:05 . 2000-05-22 05:00 198848 ----a-w- c:\windows\SysWow64\MCI32.OCX
    2012-03-01 20:05 . 2012-03-01 20:05 -------- d-----w- c:\program files (x86)\SpellQuizzer
    2012-02-25 12:10 . 2012-02-25 12:10 -------- d-sh--w- c:\programdata\SMHSUUGLD
    2012-02-25 12:10 . 2012-02-25 17:19 -------- d-sh--w- c:\programdata\14525a
    2012-02-24 21:54 . 2012-02-24 21:54 -------- d-----w- c:\users\Cusson\AppData\Local\Conduit
    2012-02-21 18:47 . 2012-02-21 18:47 -------- d-----w- c:\programdata\Broderbund
    2012-02-21 18:45 . 2002-05-07 05:09 274432 ----a-w- c:\windows\TLCUninstall.exe
    2012-02-21 18:45 . 2012-02-21 18:45 -------- d-----w- c:\program files (x86)\Broderbund
    2012-02-15 23:04 . 2012-02-15 23:04 -------- d-----w- c:\users\Cusson\AppData\Local\GameMaker8.1
    2012-02-15 23:04 . 2012-02-15 23:04 -------- d-----w- c:\users\Cusson\AppData\Local\YoYo_Games_Ltd
    2012-02-15 23:03 . 2012-02-27 03:17 -------- d-----w- c:\users\Cusson\AppData\Roaming\GameMaker
    2012-02-11 14:12 . 2012-02-11 14:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D3CB82C-F07C-4777-B31A-BEA8058B68F0}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 07:13 . 2010-01-22 15:09 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2010-01-20 16:54 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 00:00 . 2012-01-27 00:00 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 00:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2010-03-09 15:06 2355224 ----a-w- c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Akamai NetSession Interface"="c:\users\Cusson\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
    "MediaGet2"="c:\users\Cusson\AppData\Local\MediaGet2\mediaget.exe" [2012-02-23 8109800]
    "Spotify"="c:\users\Cusson\AppData\Roaming\Spotify\Spotify.exe" [2012-03-06 4008112]
    "SMD"="c:\programdata\14525a\StrongMD.exe" [2012-02-25 4298240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2011-04-11 1600744]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2011-11-10 2697728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "wave1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-15 45736]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
    R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
    S2 seUpdateSvc;Safe Eyes Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2011-04-11 234496]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 68563645
    *NewlyCreated* - ASWMBR
    *Deregistered* - 68563645
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    LexPrintListener REG_MULTI_SZ LexPrintListener
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-106132503-47729567-364982966-1001Core.job
    - c:\users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 22:05]
    .
    2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-106132503-47729567-364982966-1001UA.job
    - c:\users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 22:05]
    .
    2012-03-01 c:\windows\Tasks\HPCeeScheduleForCusson.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-11-21 22:38]
    .
    2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 365592]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.orbitdownloader.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to Mp3 Converter - c:\users\Cusson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: c:\windows\System32\icf.dll
    TCP: DhcpNameServer = 172.16.42.1
    FF - ProfilePath - c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2|Welcome to Facebook - Log In, Sign Up or Learn More
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-BZFlag2.4.0_64Bit - c:\program files (x86)\BZFlag2.4.0_64Bit\uninstall.exe
    AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-10 22:32:55
    ComboFix-quarantined-files.txt 2012-03-11 03:32
    .
    Pre-Run: 399,578,054,656 bytes free
    Post-Run: 399,433,539,584 bytes free
    .
    - - End Of File - - 5CD34422751548ED6A3270ECD516235A

  10. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    I still see some malware on your machine we need to deal with.


    1.
    We need to run a CFScript.

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the codebox below into it:

    Code:
    Folder::
    c:\programdata\14525a
    
    DDS::
    uStart Page = hxxp://search.orbitdownloader.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMD"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=-

    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



    2.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



    Things to include in your next reply:
    Combofix.txt
    MBAM LOG
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
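    The CFScript in the reply above pairs one hidden ProgramData folder (c:\programdata\14525a, listed with the d-sh--w- attributes in the "Files Created" section of the log) with the Run value that launches from it ("SMD"). The Python below is an added example, not ComboFix's code and not the helper's: it parses a constructed log excerpt written in the format of the logs posted in this thread, pairs every Run value with the attributes of the folder its executable lives in, and renders the high-confidence hits as the same Folder:: and Registry:: directives. It assumes the letters s and h in ComboFix's attribute string mean system and hidden, as they do in the log above; any other hidden folder is only reported for review, since a hidden folder on its own is not proof of anything and a person still decides what goes into the script.

```python
"""Triage a ComboFix-style log for Run entries that launch from hidden folders.

Added example, not ComboFix's own code. It reads the two sections a helper
checks first ("Files Created" and "Reg Loading Points"), pairs each Run value
with the attributes of the folder it launches from, and renders the
high-confidence hits as the Folder:: / Registry:: directives a CFScript uses.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed log in ComboFix's layout with one planted hit
# (a Run value whose executable sits in a system+hidden ProgramData folder).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
2012-03-01 20:05 . 2012-03-01 20:05 -------- d-----w- c:\program files (x86)\SpellQuizzer
2012-02-25 12:10 . 2012-02-25 12:10 -------- d-sh--w- c:\programdata\SMHSUUGLD
2012-02-25 12:10 . 2012-02-25 17:19 -------- d-sh--w- c:\programdata\14525a
2012-02-24 21:54 . 2012-02-24 21:54 -------- d-----w- c:\users\Cusson\AppData\Local\Conduit
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Spotify"="c:\users\Cusson\AppData\Roaming\Spotify\Spotify.exe" [2012-03-06 4008112]
"SMD"="c:\programdata\14525a\StrongMD.exe" [2012-02-25 4298240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"""

# "created . modified size attrs path" lines of the Files Created section.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\S+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="path" [date size] lines under a registry key.
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[[^\]]*\])?$')


@dataclass(frozen=True)
class Finding:
    kind: str       # "run_from_hidden" (high confidence) or "hidden_folder" (review only)
    folder: str     # folder path as written in the log
    key: str = ""   # registry key holding the Run value, if any
    name: str = ""  # Run value name, if any
    path: str = ""  # executable the Run value launches, if any


def parse_log(text):
    """Return (folders, run_values): lowercased folder path -> (attrs, path as written),
    and a list of (key, name, path) for every value under a ...\\Run key."""
    folders, run_values, current_key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = FILE_LINE.match(line)
        if m:
            if m.group("attrs").startswith("d"):  # directories only; files are skipped
                folders[m.group("path").lower()] = (m.group("attrs"), m.group("path"))
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            run_values.append((current_key, m.group("name"), m.group("path")))
    return folders, run_values


def triage(text):
    """Flag Run values launching from system+hidden folders, then the remaining
    hidden folders for review. Assumes 's'/'h' in the attribute string mean
    system/hidden, as in ComboFix's d-sh--w- notation."""
    folders, run_values = parse_log(text)
    hidden = {p: orig for p, (attrs, orig) in folders.items() if "s" in attrs and "h" in attrs}
    findings, flagged = [], set()
    for key, name, path in run_values:
        cursor = path.lower().rsplit("\\", 1)[0]
        while cursor:  # walk up: the executable may sit below the hidden folder
            if cursor in hidden:
                findings.append(Finding("run_from_hidden", hidden[cursor], key, name, path))
                flagged.add(cursor)
                break
            cursor = cursor.rsplit("\\", 1)[0] if "\\" in cursor else ""
    for p in sorted(hidden):
        if p not in flagged:
            findings.append(Finding("hidden_folder", hidden[p]))
    return findings


def render_cfscript(findings):
    """Render only the high-confidence findings as CFScript Folder:: and Registry:: sections."""
    hits = [f for f in findings if f.kind == "run_from_hidden"]
    if not hits:
        return ""
    lines, seen = ["Folder::"], []
    for f in hits:
        if f.folder not in seen:
            seen.append(f.folder)
            lines.append(f.folder)
    lines += ["", "Registry::"]
    for f in hits:
        lines += [f"[{f.key}]", f'"{f.name}"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:16} {f.folder}  {f.name}")
    print(render_cfscript(results))
```

    Run on the sample, the script reproduces the Folder:: and Registry:: lines of the helper's CFScript for c:\programdata\14525a and "SMD", and lists c:\programdata\SMHSUUGLD as a review-only hidden folder because nothing in the Run keys launches from it.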




  11. #10
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Default

    Below is the first log. I already have Malwarebytes downloaded, but not with a different name. Do you want me to uninstall it and re-download it with the new name? I will wait to hear back from you before doing anything with Malwarebytes.

    ComboFix 12-03-10.02 - Cusson 03/11/2012 17:15:44.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.6403 [GMT -4:00]
    Running from: c:\users\Cusson\Desktop\ComboFix.exe
    Command switches used :: c:\users\Cusson\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\14525a
    c:\programdata\14525a\BackUp\Dropbox.lnk
    c:\programdata\14525a\BackUp\EvernoteClipper.lnk
    c:\programdata\14525a\BackUp\RescueTime.lnk
    c:\programdata\14525a\SMD.ico
    c:\programdata\14525a\StrongMD.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Seth\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\School\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Josiah\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Hannah\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Elias\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-11 21:24 . 2012-03-11 21:24 -------- d-----w- c:\users\Caleb\AppData\Local\temp
    2012-03-10 23:25 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D44337F-98C7-4334-8A47-CD40EA1EB9F6}\mpengine.dll
    2012-03-08 01:46 . 2012-03-08 01:47 -------- d-----w- c:\program files (x86)\BZFlag2.4.0_32Bit
    2012-03-01 20:05 . 2012-03-01 21:09 -------- d-----w- c:\users\Cusson\AppData\Roaming\SpellQuizzer
    2012-03-01 20:05 . 2008-04-28 23:35 1623984 ----a-w- c:\windows\SysWow64\Codejock.Controls.v12.0.0.ocx
    2012-03-01 20:05 . 2004-07-28 03:08 141072 ----a-w- c:\windows\SysWow64\XZip.dll
    2012-03-01 20:05 . 2004-03-09 05:00 152848 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
    2012-03-01 20:05 . 2000-05-22 16:58 608448 ----a-w- c:\windows\SysWow64\ComCtl32.ocx
    2012-03-01 20:05 . 2000-05-22 05:00 198848 ----a-w- c:\windows\SysWow64\MCI32.OCX
    2012-03-01 20:05 . 2012-03-01 20:05 -------- d-----w- c:\program files (x86)\SpellQuizzer
    2012-02-25 12:10 . 2012-02-25 12:10 -------- d-sh--w- c:\programdata\SMHSUUGLD
    2012-02-24 21:54 . 2012-02-24 21:54 -------- d-----w- c:\users\Cusson\AppData\Local\Conduit
    2012-02-21 18:47 . 2012-02-21 18:47 -------- d-----w- c:\programdata\Broderbund
    2012-02-21 18:45 . 2002-05-07 05:09 274432 ----a-w- c:\windows\TLCUninstall.exe
    2012-02-21 18:45 . 2012-02-21 18:45 -------- d-----w- c:\program files (x86)\Broderbund
    2012-02-15 23:04 . 2012-02-15 23:04 -------- d-----w- c:\users\Cusson\AppData\Local\GameMaker8.1
    2012-02-15 23:04 . 2012-02-15 23:04 -------- d-----w- c:\users\Cusson\AppData\Local\YoYo_Games_Ltd
    2012-02-15 23:03 . 2012-02-27 03:17 -------- d-----w- c:\users\Cusson\AppData\Roaming\GameMaker
    2012-02-11 14:12 . 2012-02-11 14:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D3CB82C-F07C-4777-B31A-BEA8058B68F0}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 07:13 . 2010-01-22 15:09 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2010-01-20 16:54 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 00:00 . 2012-01-27 00:00 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-11_03.30.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-21 16:08 . 2012-03-11 19:20 65848 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-03-09 17:52 30932 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-11 19:20 30932 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-01-21 14:33 . 2012-03-11 19:20 23436 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-106132503-47729567-364982966-1001_UserData.bin
    - 2010-01-21 14:33 . 2012-03-09 17:52 23436 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-106132503-47729567-364982966-1001_UserData.bin
    + 2010-01-20 21:03 . 2012-03-11 19:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-20 21:03 . 2012-03-10 12:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-20 21:03 . 2012-03-10 12:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-20 21:03 . 2012-03-11 19:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-20 21:03 . 2012-03-11 19:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-20 21:03 . 2012-03-10 12:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-20 18:09 . 2012-03-11 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-20 18:09 . 2012-03-10 12:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-20 18:09 . 2012-03-11 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-01-20 18:09 . 2012-03-10 12:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-10 12:31 . 2012-03-10 12:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-11 19:01 . 2012-03-11 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-11 19:01 . 2012-03-11 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-10 12:31 . 2012-03-10 12:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-03-05 15:46 729422 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-03-11 19:08 729422 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-05 15:46 147380 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-03-11 19:08 147380 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-03-10 04:39 409480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-11 16:44 409480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2012-03-11 13:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-03-10 23:35 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2010-01-21 07:03 . 2012-03-10 04:39 35463248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-106132503-47729567-364982966-1001-8192.dat
    + 2010-01-21 07:03 . 2012-03-11 16:44 35463248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-106132503-47729567-364982966-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 00:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2010-03-09 15:06 2355224 ----a-w- c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Akamai NetSession Interface"="c:\users\Cusson\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
    "MediaGet2"="c:\users\Cusson\AppData\Local\MediaGet2\mediaget.exe" [2012-02-23 8109800]
    "Spotify"="c:\users\Cusson\AppData\Roaming\Spotify\Spotify.exe" [2012-03-06 4008112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2011-04-11 1600744]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
    "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\users\Cusson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2011-11-10 2697728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "wave1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-15 45736]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
    R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
    S2 seUpdateSvc;Safe Eyes Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2011-04-11 234496]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    LexPrintListener REG_MULTI_SZ LexPrintListener
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-106132503-47729567-364982966-1001Core.job
    - c:\users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 22:05]
    .
    2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-106132503-47729567-364982966-1001UA.job
    - c:\users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-21 22:05]
    .
    2012-03-01 c:\windows\Tasks\HPCeeScheduleForCusson.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-11-21 22:38]
    .
    2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Cusson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 365592]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mLocal Page = %SystemRoot%\system32\blank.htm
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to Mp3 Converter - c:\users\Cusson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: c:\windows\System32\icf.dll
    TCP: DhcpNameServer = 172.16.42.1
    FF - ProfilePath - c:\users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2|Welcome to Facebook - Log In, Sign Up or Learn More
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-11 17:26:21
    ComboFix-quarantined-files.txt 2012-03-11 21:26
    ComboFix2.txt 2012-03-11 03:32
    .
    Pre-Run: 399,164,723,200 bytes free
    Post-Run: 398,866,812,928 bytes free
    .
    - - End Of File - - D15041158161FDCB95EFC2B79A189E22
