Solved: Browser Redirect


tanusgreystar (thread starter)
Member with 131 posts.
Join Date: Oct 2007
Location: Maine
Experience: Intermediate
09-Apr-2012, 06:58 PM #31
ComboFix 12-04-05.09 - Lyn 04/09/2012 18:20:46.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4472 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 22:29 . 2012-04-09 22:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 22:29 . 2012-04-09 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_01.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 18:35 . 2012-04-07 18:35 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 66048 c:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-09 10:19 68422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-09 22:35 16088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2012-04-07 18:35 . 2012-04-07 18:35 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 65024 c:\windows\system32\pngfilt.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 48640 c:\windows\system32\mshtmler.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 12288 c:\windows\system32\mshta.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 10752 c:\windows\system32\msfeedssync.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 30720 c:\windows\system32\licmgr10.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 49664 c:\windows\system32\imgutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 85504 c:\windows\system32\iesetup.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 39936 c:\windows\system32\iernonce.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 89088 c:\windows\system32\ie4uinit.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 82432 c:\windows\system32\icardie.dll
+ 2009-10-06 03:07 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 03:07 . 2012-04-07 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 442880 c:\windows\SysWOW64\XpsPrint.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 283648 c:\windows\SysWOW64\XpsGdiConverter.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 123392 c:\windows\SysWOW64\occache.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 196608 c:\windows\SysWOW64\mfreadwrite.dll
- 2010-02-24 14:04 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2010-11-04 06:18 . 2010-09-08 04:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 218624 c:\windows\SysWOW64\d3d10_1core.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 739840 c:\windows\SysWOW64\d2d1.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 229888 c:\windows\system32\XpsRasterService.dll
- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 662528 c:\windows\system32\XpsPrint.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 470016 c:\windows\system32\XpsGdiConverter.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 160256 c:\windows\system32\wextract.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 249344 c:\windows\system32\webcheck.dll
+ 2009-12-13 00:47 . 2012-03-26 02:25 277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-07 03:54 . 2012-04-09 17:28 356884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-07 18:35 . 2012-04-07 18:35 603648 c:\windows\system32\vbscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 237056 c:\windows\system32\url.dll
+ 2009-08-03 17:13 . 2012-04-01 19:05 732750 c:\windows\system32\perfh019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07 732750 c:\windows\system32\perfh019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07 670178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05 670178 c:\windows\system32\perfh009.dat
+ 2009-08-03 17:13 . 2012-04-01 19:05 154362 c:\windows\system32\perfc019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07 154362 c:\windows\system32\perfc019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07 125322 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05 125322 c:\windows\system32\perfc009.dat
+ 2012-04-07 18:35 . 2012-04-07 18:35 149504 c:\windows\system32\occache.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 197120 c:\windows\system32\msrating.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 697344 c:\windows\system32\msfeeds.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 257024 c:\windows\system32\mfreadwrite.dll
- 2009-07-14 00:18 . 2009-07-14 01:41 206848 c:\windows\system32\mfps.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 206848 c:\windows\system32\mfps.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 818688 c:\windows\system32\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 103936 c:\windows\system32\inseng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 165888 c:\windows\system32\iexpress.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 173056 c:\windows\system32\ieUnatt.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 248320 c:\windows\system32\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 111616 c:\windows\system32\iesysprep.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 145920 c:\windows\system32\iepeers.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 403248 c:\windows\system32\iedkcs32.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 267776 c:\windows\system32\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 160256 c:\windows\system32\ieakeng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 282112 c:\windows\system32\dxtrans.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 452608 c:\windows\system32\dxtmsft.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2012-04-07 18:34 . 2012-04-07 18:34 320512 c:\windows\system32\d3d10_1core.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 197120 c:\windows\system32\d3d10_1.dll
- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 902656 c:\windows\system32\d2d1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 144384 c:\windows\system32\cdd.dll
- 2010-07-14 13:11 . 2010-05-19 19:48 144384 c:\windows\system32\cdd.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-04 21:28 . 2012-04-09 22:30 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1619456 c:\windows\SysWOW64\WMVDECOD.DLL
+ 2012-04-07 18:35 . 2012-04-07 18:35 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 3181568 c:\windows\SysWOW64\mf.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-04-07 18:34 . 2012-04-07 18:34 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
- 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1074176 c:\windows\SysWOW64\DWrite.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1888256 c:\windows\system32\WMVDECOD.DLL
+ 2012-04-07 18:35 . 2012-04-07 18:35 1390080 c:\windows\system32\wininet.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 4068864 c:\windows\system32\mf.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 2308096 c:\windows\system32\jscript9.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 2144256 c:\windows\system32\iertutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 3695416 c:\windows\system32\ieapfltr.dat
+ 2012-04-07 18:34 . 2012-04-07 18:34 1133568 c:\windows\system32\FntCache.dll
- 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1540608 c:\windows\system32\DWrite.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34 1837568 c:\windows\system32\d3d10warp.dll
+ 2011-02-06 04:55 . 2012-04-09 22:30 5169524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\80f60.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-03-15 13:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-09 13:18 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-07 18:35 . 2012-04-07 18:35 17790464 c:\windows\system32\mshtml.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35 10887168 c:\windows\system32\ieframe.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\80f61.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17, \
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-04-09 18:53:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 22:53
ComboFix2.txt 2012-04-05 23:56
ComboFix3.txt 2012-03-31 15:32
ComboFix4.txt 2012-03-29 19:58
ComboFix5.txt 2012-04-09 22:19
.
Pre-Run: 145,305,149,440 bytes free
Post-Run: 145,635,635,200 bytes free
.
- - End Of File - - 45C9344BE0E2B69EE71820C002D5D172
Upload was successful
SystemLook 30.07.11 by jpshortstuff
Log created at 18:57 on 09/04/2012 by Lyn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "**softonic**"
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe ------- 293184 bytes [00:09 07/12/2010] [00:10 07/12/2010] 2B8E192326CA1ED2FB9CEC7B2392ACF4
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe ------- 304920 bytes [00:15 06/02/2011] [00:16 06/02/2011] 979B1833E45FF582B08D4322449AC177
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe ------- 304920 bytes [00:10 06/02/2011] [00:10 06/02/2011] 979B1833E45FF582B08D4322449AC177
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe ------- 293144 bytes [16:44 08/12/2010] [16:44 08/12/2010] 5A67F2DE41A47D966C22E678B141849A
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe ------- 293152 bytes [16:30 08/12/2010] [16:30 08/12/2010] 5BCEC254C7850A1AD814074099E44857

-= EOF =-
Deejay100six's Avatar
Deejay100six   (Dave) Deejay100six is offline Deejay100six has a Profile Picture
Computer Specs
Member with 496 posts.
 
Join Date: Sep 2011
Location: Doncaster, England
Experience: Intermediate
09-Apr-2012, 10:47 PM #32
Hi,

The files downloaded by Softonic are classified as a low risk threat because they install adware on your machine. If you wish to remove them, the choice is yours. If you decide you want them removed, run the following script.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Code:
File::
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

----------------------------------------------------------------------------------

Also, I'd like to have a look at your hosts file.

To view the Hosts file in Notepad;

Please press the Windows key + R and copy/paste or type: notepad %windir%\system32\drivers\etc\hosts into the Run dialogue box and then press ENTER.

Copy/Paste the complete contents into your next reply.

You didn't say whether the router reset solved the redirect problem.

Please let me know whether it did and also if there are any more problems.
tanusgreystar's Avatar
tanusgreystar tanusgreystar is offline
Computer Specs
Member with 131 posts.
THREAD STARTER
 
Join Date: Oct 2007
Location: Maine
Experience: Intermediate
09-Apr-2012, 11:11 PM #33
Hi Dave,

I don't know if the reset fixed anything just yet. I'll gladly get rid of all the Softonic stuff. I'll do that right now.
Deejay100six (Dave)
09-Apr-2012, 11:23 PM #34
Good. Only just realised, your original concern was about the downloader anyway. I think Combofix should automatically reset your hosts file but I'd like to have a look anyway, to make sure.
tanusgreystar
THREAD STARTER
09-Apr-2012, 11:52 PM #35
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
ComboFix 12-04-05.09 - Lyn 04/09/2012 23:19:06.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4746 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-10 03:31 68636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 03:31 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-10 03:31 16200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12 9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12 4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12 2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 03:29 . 2012-04-10 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 03:29 . 2012-04-10 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-10 03:28 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-04 21:28 . 2012-04-09 22:30 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-04-04 21:28 . 2012-04-10 03:28 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-02-06 04:55 . 2012-04-10 03:28 5316060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17, \
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-04-09 23:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 03:46
ComboFix2.txt 2012-04-09 22:55
ComboFix3.txt 2012-04-05 23:56
ComboFix4.txt 2012-03-31 15:32
ComboFix5.txt 2012-04-10 03:18
.
Pre-Run: 144,948,301,824 bytes free
Post-Run: 144,655,527,936 bytes free
.
- - End Of File - - 95F7DBB58766123F2E1B8809D5DFB0C7

Last edited by Cookiegal; 17-Apr-2012 at 03:38 PM.. Reason: To eliminate unnecessary white space
Deejay100six (Dave)
10-Apr-2012, 09:19 PM #36
Hi,

Not sure why ComboFix didn't reset your hosts file; it should have.

Download the HostsXpert - Hosts File Manager.
  • Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Then reboot your machine and follow the steps in post #32 to view your hosts file again; it should look like this.

Quote:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
There shouldn't be anything below ::1 localhost

Let me know how it goes.

Are you still getting redirects?
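The "nothing below ::1 localhost" check above is easy to make repeatable by parsing the file instead of eyeballing it. The script below is an added example written for this page, not code from the thread or from HostsXpert. It reads hosts-file syntax (an address, one or more names, an optional # comment), treats a loopback address mapped to localhost as expected, and flags everything else as either a block (a name sent to 127.0.0.1 or 0.0.0.0, which is how malware stops antivirus and Windows Update from reaching their servers) or a hijack (a name sent to some other address, which is what produces a redirect). The sample hosts text, the 203.0.113.7 address and the security-vendor keyword list are constructed for the example.

```python
"""Audit a Windows hosts file for entries that block or redirect names.

Added example for this thread, not code from the forum or from HostsXpert.
The sample hosts text and the vendor keyword list are constructed here.
"""
from __future__ import annotations

import ipaddress
import sys
from dataclasses import dataclass, field
from pathlib import Path

# Names that legitimately map to a loopback address on a clean machine.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumption: substrings that identify security-vendor or update domains.
# Malware often sinkholes these to 127.0.0.1 so the victim cannot update.
VENDOR_KEYWORDS = ("avast", "mcafee", "eset", "symantec", "kaspersky",
                   "malwarebytes", "spybot", "windowsupdate", "microsoft")


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: list[str] = field(default_factory=list)
    verdict: str = "ok"      # ok | block | hijack | invalid
    note: str = ""


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text and classify every active (non-comment) entry."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comment
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], [n.lower() for n in fields[1:]]
        entry = HostsEntry(line_no, ip_text, names)
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            entry.verdict, entry.note = "invalid", "first field is not an IP address"
            entries.append(entry)
            continue
        if not names:
            entry.verdict, entry.note = "invalid", "no host name after the address"
        elif ip.is_loopback and set(names) <= LOOPBACK_NAMES:
            entry.verdict = "ok"                 # the lines a clean file ends with
        elif ip.is_loopback or ip.is_unspecified:
            entry.verdict = "block"              # name sinkholed (ad-block or AV update block)
            if any(k in n for n in names for k in VENDOR_KEYWORDS):
                entry.note = "security-vendor name sinkholed"
        else:
            entry.verdict = "hijack"             # name sent to a third-party address
            entry.note = f"{', '.join(names)} -> {ip_text}"
        entries.append(entry)
    return entries


def audit(text: str) -> list[HostsEntry]:
    """Return only the entries that should not be on a clean machine."""
    return [e for e in parse_hosts(text) if e.verdict != "ok"]


def is_clean(text: str) -> bool:
    return not audit(text)


# Constructed sample: Microsoft's header, the two expected lines, then the kind
# of additions a redirect infection (or an ad-block list) leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
::1 localhost
# nothing below this line belongs on a clean machine
127.0.0.1 www.avast.com avast.com
0.0.0.0 ads.example.net           # block-style entry
203.0.113.7 www.google.com google.com   # redirect-style entry
bad-address www.bing.com
"""


def report(text: str) -> str:
    lines = [f"line {e.line_no:>3}: {e.verdict:<7} {e.ip} {' '.join(e.names)} {e.note}".rstrip()
             for e in audit(text)]
    return "\n".join(lines) if lines else "hosts file is clean"


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path]; defaults to the built-in sample.
    src = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_HOSTS
    print(report(src))
```

Run it with no argument to audit the embedded sample, or point it at C:\Windows\System32\drivers\etc\hosts on the affected machine (the file being hidden or read-only does not stop it being read). One caveat: this only covers the hosts file. A redirect that survives a clean hosts file is coming from somewhere else, such as the DNS servers the adapter is using, a proxy setting, or a browser add-on, which is exactly why the later posts in this thread move on to the network settings.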
tanusgreystar (thread starter), 12-Apr-2012, 05:20 PM #37
Hi. Even though the program said it couldn't write to my host file, it did work. Still getting redirects. : (
Deejay100six (Dave), 14-Apr-2012, 12:38 PM #38
Hi,

It may be something that's been altered in your network settings. Let's try this first and if it doesn't work, we'll take a more in-depth look at what's happening.

Copy and paste these lines into Notepad.

@Echo on
rem Restore a minimal hosts file. %SystemRoot% is used so the script works
rem whichever drive is current (the original relied on C: being current).
pushd %SystemRoot%\system32\drivers\etc
rem Clear the hidden/system/read-only attributes so the file can be overwritten.
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
rem Lock the new file again.
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and drop the cached DNS answers.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack (the trailing word on the
rem ip reset line is taken as the name of a log file; it is harmless).
netsh winsock reset all
netsh int ip reset all
rem Reboot so the resets take effect, then delete this script.
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. On Vista and Windows 7, right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Then run Combofix by double clicking its icon and post the log produced in your next reply.

Let me know if you're still getting redirected.
tanusgreystar (thread starter), 14-Apr-2012, 02:32 PM #39
Hi. Just to let you know I can do this tomorrow. Thanks!
Deejay100six (Dave), 14-Apr-2012, 02:53 PM #40
No problem.
Deejay100six (Dave), 16-Apr-2012, 02:52 PM #41
Hi,

It's been more than 2 days again without a response. Do you wish to continue?
Cookiegal (Administrator & Malware Removal Specialist), 17-Apr-2012, 03:39 PM #42
I think we'll just close it this time. You really need to reply in a timely manner if you want assistance with malware removal.
tanusgreystar (thread starter), 18-Apr-2012, 12:19 PM #43
Hi. Thanks for reopening! I'll try to do the last step and get back to you today. Thanks again!
tanusgreystar (thread starter), 18-Apr-2012, 01:16 PM #44
ComboFix 12-04-18.01 - Lyn 04/18/2012 12:44:13.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4706 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:54 . 2012-04-18 16:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 16:54 . 2012-04-18 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 09:52 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
2012-04-13 14:30 . 2012-04-13 14:30 -------- d-----w- C:\Perfect World Entertainment
2012-04-13 14:21 . 2012-04-13 13:00 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-13 12:52 . 2012-04-14 03:11 -------- d-----w- c:\users\Lyn\AppData\Local\PMB Files
2012-04-13 12:52 . 2012-04-13 12:53 -------- d-----w- c:\programdata\PMB Files
2012-04-12 07:23 . 2012-04-12 07:23 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-10 21:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-06 00:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-18 16:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 16:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 16:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-18 16:58 69600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-18 16:58 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-18 16:58 16542 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2009-10-06 03:07 . 2012-04-17 12:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-04-17 12:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 12:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-11 06:56 76568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-09 23:12 . 2012-04-09 23:12 9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12 4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12 2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 16:55 . 2012-04-18 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 16:55 . 2012-04-18 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 03:54 . 2012-04-17 21:07 356892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-18 16:55 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-13 01:49 . 2012-04-16 03:42 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-4096.dat
+ 2011-04-04 21:28 . 2012-04-18 16:55 492216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
- 2009-07-14 04:45 . 2011-09-23 03:35 3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-11 06:26 3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-06 04:55 . 2012-04-18 16:55 9663552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
- 2009-07-14 02:34 . 2012-04-09 13:18 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-16 14:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17, \
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
.
**************************************************************************
.
Completion time: 2012-04-18 13:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 17:13
ComboFix2.txt 2012-04-10 03:47
ComboFix3.txt 2012-04-09 22:55
ComboFix4.txt 2012-04-05 23:56
ComboFix5.txt 2012-04-18 16:42
.
Pre-Run: 128,145,285,120 bytes free
Post-Run: 127,733,657,600 bytes free
.
- - End Of File - - A1136971D992A09F3AF55D055B4A0E93
Still redirecting.
Deejay100six (Dave), 22-Apr-2012, 08:04 PM #45
Hi,

Sorry, I had overlooked your thread because I had unsubscribed. I'll have another look at your logs now.