
Browser Redirect

Discussion in 'Virus & Other Malware Removal' started by tanusgreystar, Feb 26, 2012.

tanusgreystar (Thread Starter; joined Oct 15, 2007; 139 messages)

    ComboFix 12-04-05.09 - Lyn 04/09/2012 18:20:46.5.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4472 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-09 22:29 . 2012-04-09 22:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-09 22:29 . 2012-04-09 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
    2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-26_01.14.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-07 18:35 . 2012-04-07 18:35 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 54272 c:\windows\SysWOW64\pngfilt.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 48640 c:\windows\SysWOW64\mshtmler.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 72704 c:\windows\SysWOW64\mshtmled.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 11776 c:\windows\SysWOW64\mshta.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 10752 c:\windows\SysWOW64\msfeedssync.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 41472 c:\windows\SysWOW64\msfeedsbs.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 23552 c:\windows\SysWOW64\licmgr10.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 78848 c:\windows\SysWOW64\inseng.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 35840 c:\windows\SysWOW64\imgutil.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 86528 c:\windows\SysWOW64\iesysprep.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 74752 c:\windows\SysWOW64\iesetup.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 31744 c:\windows\SysWOW64\iernonce.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 74240 c:\windows\SysWOW64\ie4uinit.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 66048 c:\windows\SysWOW64\icardie.dll
    + 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-25 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-04-09 10:19 68422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-04-09 22:35 16088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    + 2012-04-07 18:35 . 2012-04-07 18:35 91648 c:\windows\system32\SetIEInstalledDate.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 89088 c:\windows\system32\RegisterIEPKEYs.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 65024 c:\windows\system32\pngfilt.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 48640 c:\windows\system32\mshtmler.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 96256 c:\windows\system32\mshtmled.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 12288 c:\windows\system32\mshta.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 10752 c:\windows\system32\msfeedssync.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 55296 c:\windows\system32\msfeedsbs.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 30720 c:\windows\system32\licmgr10.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 85504 c:\windows\system32\jsproxy.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 49664 c:\windows\system32\imgutil.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 85504 c:\windows\system32\iesetup.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 39936 c:\windows\system32\iernonce.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 89088 c:\windows\system32\ie4uinit.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 82432 c:\windows\system32\icardie.dll
    + 2009-10-06 03:07 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 03:07 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 03:07 . 2012-03-06 14:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 03:07 . 2012-04-07 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-06 14:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-07 13:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 00:12 . 2012-04-07 13:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-06 00:12 . 2012-03-26 01:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-26 01:14 . 2012-03-26 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 135168 c:\windows\SysWOW64\XpsRasterService.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 442880 c:\windows\SysWOW64\XpsPrint.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 283648 c:\windows\SysWOW64\XpsGdiConverter.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 152064 c:\windows\SysWOW64\wextract.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 203776 c:\windows\SysWOW64\webcheck.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 420864 c:\windows\SysWOW64\vbscript.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 231936 c:\windows\SysWOW64\url.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 123392 c:\windows\SysWOW64\occache.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 162304 c:\windows\SysWOW64\msrating.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 161792 c:\windows\SysWOW64\msls31.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 580608 c:\windows\SysWOW64\msfeeds.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 196608 c:\windows\SysWOW64\mfreadwrite.dll
    - 2010-02-24 14:04 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 150528 c:\windows\SysWOW64\iexpress.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2010-11-04 06:18 . 2010-09-08 04:28 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 118784 c:\windows\SysWOW64\iepeers.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 353584 c:\windows\SysWOW64\iedkcs32.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 434176 c:\windows\SysWOW64\ieapfltr.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 163840 c:\windows\SysWOW64\ieakui.dll
    - 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 227840 c:\windows\SysWOW64\ieaksie.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 130560 c:\windows\SysWOW64\ieakeng.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 110592 c:\windows\SysWOW64\IEAdvpack.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 223232 c:\windows\SysWOW64\dxtrans.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 353792 c:\windows\SysWOW64\dxtmsft.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 218624 c:\windows\SysWOW64\d3d10_1core.dll
    - 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 161792 c:\windows\SysWOW64\d3d10_1.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 739840 c:\windows\SysWOW64\d2d1.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 101888 c:\windows\SysWOW64\admparse.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 229888 c:\windows\system32\XpsRasterService.dll
    - 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 662528 c:\windows\system32\XpsPrint.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 470016 c:\windows\system32\XpsGdiConverter.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 160256 c:\windows\system32\wextract.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 249344 c:\windows\system32\webcheck.dll
    + 2009-12-13 00:47 . 2012-03-26 02:25 277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-10-07 03:54 . 2012-04-09 17:28 356884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-04-07 18:35 . 2012-04-07 18:35 603648 c:\windows\system32\vbscript.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 237056 c:\windows\system32\url.dll
    + 2009-08-03 17:13 . 2012-04-01 19:05 732750 c:\windows\system32\perfh019.dat
    - 2009-08-03 17:13 . 2012-03-18 21:07 732750 c:\windows\system32\perfh019.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 670178 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-01 19:05 670178 c:\windows\system32\perfh009.dat
    + 2009-08-03 17:13 . 2012-04-01 19:05 154362 c:\windows\system32\perfc019.dat
    - 2009-08-03 17:13 . 2012-03-18 21:07 154362 c:\windows\system32\perfc019.dat
    - 2009-07-14 02:36 . 2012-03-18 21:07 125322 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-04-01 19:05 125322 c:\windows\system32\perfc009.dat
    + 2012-04-07 18:35 . 2012-04-07 18:35 149504 c:\windows\system32\occache.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 197120 c:\windows\system32\msrating.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 222208 c:\windows\system32\msls31.dll
    - 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 697344 c:\windows\system32\msfeeds.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 257024 c:\windows\system32\mfreadwrite.dll
    - 2009-07-14 00:18 . 2009-07-14 01:41 206848 c:\windows\system32\mfps.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 206848 c:\windows\system32\mfps.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 818688 c:\windows\system32\jscript.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 103936 c:\windows\system32\inseng.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 165888 c:\windows\system32\iexpress.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 173056 c:\windows\system32\ieUnatt.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 248320 c:\windows\system32\ieui.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 111616 c:\windows\system32\iesysprep.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 145920 c:\windows\system32\iepeers.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 403248 c:\windows\system32\iedkcs32.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 534528 c:\windows\system32\ieapfltr.dll
    - 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 163840 c:\windows\system32\ieakui.dll
    - 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 267776 c:\windows\system32\ieaksie.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 160256 c:\windows\system32\ieakeng.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 135168 c:\windows\system32\IEAdvpack.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 282112 c:\windows\system32\dxtrans.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 452608 c:\windows\system32\dxtmsft.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 265088 c:\windows\system32\drivers\dxgmms1.sys
    + 2012-04-07 18:34 . 2012-04-07 18:34 320512 c:\windows\system32\d3d10_1core.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 197120 c:\windows\system32\d3d10_1.dll
    - 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 902656 c:\windows\system32\d2d1.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 144384 c:\windows\system32\cdd.dll
    - 2010-07-14 13:11 . 2010-05-19 19:48 144384 c:\windows\system32\cdd.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 114176 c:\windows\system32\admparse.dll
    + 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-04 21:28 . 2012-04-09 22:30 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
    + 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1619456 c:\windows\SysWOW64\WMVDECOD.DLL
    + 2012-04-07 18:35 . 2012-04-07 18:35 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 1103360 c:\windows\SysWOW64\urlmon.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 3181568 c:\windows\SysWOW64\mf.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 1798656 c:\windows\SysWOW64\jscript9.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 9705472 c:\windows\SysWOW64\ieframe.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 3695416 c:\windows\SysWOW64\ieapfltr.dat
    + 2012-04-07 18:34 . 2012-04-07 18:34 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
    - 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1074176 c:\windows\SysWOW64\DWrite.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1170944 c:\windows\SysWOW64\d3d10warp.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1888256 c:\windows\system32\WMVDECOD.DLL
    + 2012-04-07 18:35 . 2012-04-07 18:35 1390080 c:\windows\system32\wininet.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 1345536 c:\windows\system32\urlmon.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 4068864 c:\windows\system32\mf.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 2308096 c:\windows\system32\jscript9.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 2144256 c:\windows\system32\iertutil.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 3695416 c:\windows\system32\ieapfltr.dat
    + 2012-04-07 18:34 . 2012-04-07 18:34 1133568 c:\windows\system32\FntCache.dll
    - 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1863680 c:\windows\system32\ExplorerFrame.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1540608 c:\windows\system32\DWrite.dll
    + 2012-04-07 18:34 . 2012-04-07 18:34 1837568 c:\windows\system32\d3d10warp.dll
    + 2011-02-06 04:55 . 2012-04-09 22:30 5169524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    + 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\80f60.msi
    + 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
    + 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2012-04-07 18:35 . 2012-04-07 18:35 12282368 c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2012-03-15 13:15 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-04-09 13:18 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-04-07 18:35 . 2012-04-07 18:35 17790464 c:\windows\system32\mshtml.dll
    + 2012-04-07 18:35 . 2012-04-07 18:35 10887168 c:\windows\system32\ieframe.dll
    + 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\80f61.msp
    + 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-09 18:53:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-09 22:53
    ComboFix2.txt 2012-04-05 23:56
    ComboFix3.txt 2012-03-31 15:32
    ComboFix4.txt 2012-03-29 19:58
    ComboFix5.txt 2012-04-09 22:19
    .
    Pre-Run: 145,305,149,440 bytes free
    Post-Run: 145,635,635,200 bytes free
    .
    - - End Of File - - 45C9344BE0E2B69EE71820C002D5D172
    Upload was successful
    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:57 on 09/04/2012 by Lyn
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== filefind ==========

    Searching for "**softonic**"
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe ------- 293184 bytes [00:09 07/12/2010] [00:10 07/12/2010] 2B8E192326CA1ED2FB9CEC7B2392ACF4
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe ------- 304920 bytes [00:15 06/02/2011] [00:16 06/02/2011] 979B1833E45FF582B08D4322449AC177
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe ------- 304920 bytes [00:10 06/02/2011] [00:10 06/02/2011] 979B1833E45FF582B08D4322449AC177
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe ------- 293144 bytes [16:44 08/12/2010] [16:44 08/12/2010] 5A67F2DE41A47D966C22E678B141849A
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe ------- 293152 bytes [16:30 08/12/2010] [16:30 08/12/2010] 5BCEC254C7850A1AD814074099E44857

    -= EOF =-
     
  2. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    The files downloaded by Softonic are classified as a low-risk threat because they install adware on your machine. If you wish to remove them, the choice is yours. If you decide you want them removed, run the following script.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    File::
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
    C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
    Save this as CFScript.txt, in the same location as ComboFix.exe


    [image: screenshot of CFScript.txt being dragged onto ComboFix.exe]


    Referring to the picture above, drag CFScript into ComboFix.exe

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------

    Also, I'd like to have a look at your hosts file.

    To view the Hosts file in Notepad:

    Please press the Windows key + R and copy/paste or type: notepad %windir%\system32\drivers\etc\hosts into the Run dialogue box and then press ENTER.

    Copy/Paste the complete contents into your next reply.

    You didn't say whether the router reset solved the redirect problem.

    Please let me know whether it did and also if there are any more problems.
     
  3. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi Dave,

    I don't know if the reset fixed anything just yet. I'll gladly get rid of all the Softonic stuff. I'll do that right now.
     
  4. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Good. (y) Only just realised, your original concern was about the downloader anyway. :) I think Combofix should automatically reset your hosts file but I'd like to have a look anyway, to make sure.
     
  5. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost
    216.240.133.193 www.google-analytics.com.
    216.240.133.193 ad-emea.doubleclick.net.
    216.240.133.193 www.statcounter.com.
    69.72.252.254 www.google-analytics.com.
    69.72.252.254 ad-emea.doubleclick.net.
    69.72.252.254 www.statcounter.com.

    ComboFix 12-04-05.09 - Lyn 04/09/2012 23:19:06.6.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4746 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe"
    "c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe"
    "c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe"
    "c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe"
    "c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
    c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
    c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
    c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
    c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
    2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-10 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-10 03:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-10 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-04-10 03:31 68636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-10 03:31 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-04-10 03:31 16200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    + 2012-04-09 23:12 . 2012-04-09 23:12 9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
    + 2012-04-09 23:12 . 2012-04-09 23:12 4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
    + 2012-04-09 23:12 . 2012-04-09 23:12 2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
    - 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-10 03:29 . 2012-04-10 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-10 03:29 . 2012-04-10 03:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-10 03:28 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-04-04 21:28 . 2012-04-09 22:30 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
    + 2011-04-04 21:28 . 2012-04-10 03:28 388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
    + 2011-02-06 04:55 . 2012-04-10 03:28 5316060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-09 23:47:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-10 03:46
    ComboFix2.txt 2012-04-09 22:55
    ComboFix3.txt 2012-04-05 23:56
    ComboFix4.txt 2012-03-31 15:32
    ComboFix5.txt 2012-04-10 03:18
    .
    Pre-Run: 144,948,301,824 bytes free
    Post-Run: 144,655,527,936 bytes free
    .
    - - End Of File - - 95F7DBB58766123F2E1B8809D5DFB0C7
     
  6. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Not sure why ComboFix didn't reset your hosts file; it should have.

    Download the HostsXpert - Hosts File Manager.

    • Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    • Run HostsXpert - Hosts File Manager from its new home
    • Click on "File Handling".
    • Click on "Restore MS Hosts File".
    • Click OK on the Confirmation box.
    • Click on "Make Read Only?"
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Then reboot your machine and follow the steps in post #32 to view your hosts file again; it should look like this.

    There shouldn't be anything below ::1 localhost.

    Let me know how it goes.

    Are you still getting redirects?
     
  7. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi. Even though the program said it couldn't write to my hosts file, it did work. Still getting redirects. : (
     
  8. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    It may be something that's been altered in your network settings. Let's try this first and if it doesn't work, we'll take a more in-depth look at what's happening.

    Copy and paste these lines into Notepad.

    @echo on
    rem Rewrite the hosts file with only the loopback entry, then reset the
    rem DNS cache, the Winsock catalog and the TCP/IP stack. Must run elevated.
    pushd %SystemRoot%\System32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>hosts
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset
    netsh int ip reset
    shutdown -r -t 1
    rem %~f0 is this script's full path, so the delete works even when
    rem "Run as administrator" has changed the current directory.
    del "%~f0"


    Save it as flush.bat on your desktop.
    Double-click the flush.bat file to run it. On Vista and Windows 7, right-click the .bat file and choose Run as administrator. Your computer will reboot itself.

    Then run Combofix by double clicking its icon and post the log produced in your next reply.

    Let me know if you're still getting redirected.
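An added example, not code from this thread, from HostsXpert or from ComboFix: a small Python audit that applies the "nothing below ::1 localhost" check from post #6 to a hosts file, and that can be run after the flush.bat above to confirm the rewrite actually took. Everything in the embedded sample (the 203.0.113.10 / 10.0.0.x addresses, the hostnames, the run of blank lines) is constructed for the demo, not taken from the poster's machine.

```python
"""Audit a Windows hosts file for redirect entries.

Added example for this thread (not code from the original posts, from
HostsXpert or from ComboFix).  It implements the check the helper describes
by eye: after the loopback 'localhost' lines nothing else should be active.
"""
import ipaddress
import sys
from typing import List, Tuple

# Constructed sample (not the poster's real file): a stock header, the two
# loopback entries, then a long run of blank lines that pushes the injected
# entries below what Notepad shows without scrolling, then the injections.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 200 +
    "203.0.113.10    www.google.com   # search traffic sent to attacker host\n"
    "203.0.113.10    www.bing.com\n"
    "127.0.0.1       www.avast.com    # AV update site blackholed\n"
    "10.0.0.x        www.example.net  # malformed, still worth a look\n"
)

# (line number, severity, address token, detail)
Finding = Tuple[int, str, str, str]

PADDING_THRESHOLD = 50  # consecutive blank lines before an active entry


def audit_hosts(text: str) -> List[Finding]:
    """Return one finding per active hosts line that does more than map
    'localhost' to a loopback address.  A clean Windows hosts file yields []."""
    findings: List[Finding] = []
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, incl. trailing ones
        if not line:
            blank_run += 1
            continue
        if blank_run >= PADDING_THRESHOLD:
            findings.append((lineno, "WARN", "",
                             f"{blank_run} blank lines precede this entry"))
        blank_run = 0

        addr, *names = line.split()
        if not names:
            findings.append((lineno, "WARN", addr, "address with no hostname"))
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "WARN", addr, "malformed address"))
            continue

        blackhole = ip.is_loopback or ip.is_unspecified  # 127.x, ::1, 0.0.0.0
        for name in names:
            if blackhole and name.lower() == "localhost":
                continue  # the only lines a stock file needs
            if not blackhole:
                findings.append((lineno, "HIGH", addr,
                                 f"{name} redirected to {addr}"))
            else:
                findings.append((lineno, "INFO", addr,
                                 f"{name} blackholed (ad-block style entry, "
                                 f"or an AV/update site being blocked)"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """'HIGH' if any redirect was found, else 'WARN', 'INFO' or 'CLEAN'."""
    for level in ("HIGH", "WARN", "INFO"):
        if any(f[1] == level for f in findings):
            return level
    return "CLEAN"


if __name__ == "__main__":
    # Pass a path (e.g. %SystemRoot%\System32\drivers\etc\hosts) to audit the
    # real file; with no argument the constructed sample above is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    results = audit_hosts(text)
    for lineno, sev, addr, detail in results:
        print(f"line {lineno:>4} {sev:<4} {addr:<16} {detail}")
    print("verdict:", worst_severity(results))
```

HIGH is the redirect signature: a real hostname pointed at a non-loopback address. INFO entries are what a deliberately installed ad-blocking hosts file produces (the "custom Hosts file" post #6 warns you would have to restore), so look at which names are listed before worrying. If the file comes back CLEAN and the redirects continue, as this poster reports, the hosts file is not the cause and the DNS and proxy settings are the next thing to check.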
     
  9. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi. Just to let you know I can do this tomorrow. Thanks!
     
  10. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    No problem.
     
  11. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    It's been more than 2 days again without a response. Do you wish to continue?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    I think we'll just close it this time. You really need to reply in a timely manner if you want assistance with malware removal.
     
  13. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    Hi. Thanks for reopening! I'll try to do the last step and get back to you today. Thanks again!
     
  14. tanusgreystar

    tanusgreystar Thread Starter

    Joined:
    Oct 15, 2007
    Messages:
    139
    ComboFix 12-04-18.01 - Lyn 04/18/2012 12:44:13.7.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4706 [GMT -4:00]
    Running from: c:\users\Lyn\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-18 16:54 . 2012-04-18 16:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-18 16:54 . 2012-04-18 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-15 09:52 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
    2012-04-13 14:30 . 2012-04-13 14:30 -------- d-----w- C:\Perfect World Entertainment
    2012-04-13 14:21 . 2012-04-13 13:00 258352 ----a-w- c:\windows\SysWow64\unicows.dll
    2012-04-13 12:52 . 2012-04-14 03:11 -------- d-----w- c:\users\Lyn\AppData\Local\PMB Files
    2012-04-13 12:52 . 2012-04-13 12:53 -------- d-----w- c:\programdata\PMB Files
    2012-04-12 07:23 . 2012-04-12 07:23 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
    2012-04-07 18:34 . 2012-04-07 18:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-04-07 13:44 . 2012-04-07 13:44 -------- d-----w- c:\program files (x86)\ESET
    2012-04-07 13:37 . 2012-04-07 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-04-07 13:37 . 2012-04-10 21:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-03-26 12:49 . 2012-03-26 12:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-26 12:49 . 2012-03-26 12:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-26 01:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-26 01:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-26 01:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-26 01:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-26 01:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-26 01:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-26 01:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-26 01:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-26 01:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
    2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 21:05 . 2010-06-01 18:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-23 14:18 . 2009-10-06 00:18 279656 ------w- c:\windows\system32\MpSigStub.exe
    2009-04-08 14:31 . 2009-04-08 14:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-04-18 16:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-09 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-18 16:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-18 16:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-06 00:29 . 2012-04-18 16:58 69600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-04-09 22:35 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-18 16:58 49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-06 00:15 . 2012-04-18 16:58 16542 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
    + 2009-10-06 03:07 . 2012-04-17 12:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-06 03:07 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-06 03:07 . 2012-04-17 12:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-06 03:07 . 2012-04-07 18:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-17 12:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-07 18:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-04-11 06:56 76568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-04-09 23:12 . 2012-04-09 23:12 9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
    + 2012-04-09 23:12 . 2012-04-09 23:12 4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
    + 2012-04-09 23:12 . 2012-04-09 23:12 2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
    - 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-18 16:55 . 2012-04-18 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-18 16:55 . 2012-04-18 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-09 22:30 . 2012-04-09 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-07 03:54 . 2012-04-17 21:07 356892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 05:01 . 2012-04-09 22:30 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-18 16:55 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-13 01:49 . 2012-04-16 03:42 387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-4096.dat
    + 2011-04-04 21:28 . 2012-04-18 16:55 492216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
    - 2009-07-14 04:45 . 2011-09-23 03:35 3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2012-04-11 06:26 3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-02-06 04:55 . 2012-04-18 16:55 9663552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
    - 2009-07-14 02:34 . 2012-04-09 13:18 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-04-16 14:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 21:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
    "chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
    "Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
    R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
    S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
    S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
    - c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 20:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
    "datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
    57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
    "rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files (x86)\Razer\Salmosa\razertra.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-18 13:13:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-18 17:13
    ComboFix2.txt 2012-04-10 03:47
    ComboFix3.txt 2012-04-09 22:55
    ComboFix4.txt 2012-04-05 23:56
    ComboFix5.txt 2012-04-18 16:42
    .
    Pre-Run: 128,145,285,120 bytes free
    Post-Run: 127,733,657,600 bytes free
    .
    - - End Of File - - A1136971D992A09F3AF55D055B4A0E93
    Still redirecting.
     
  15. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Sorry, I had overlooked your thread because I had unsubscribed. I'll have another look at your logs now.
     

Short URL to this thread: https://techguy.org/1042798