
easylife app

Discussion in 'Virus & Other Malware Removal' started by jthompsonjr, Jan 20, 2013.

    jthompsonjr (Thread Starter; joined Nov 19, 2006; 108 messages)
    First of all, many thanks in advance for looking at this.

    Symptoms
    I have noticed more pop-ups lately (I normally use Firefox and usually don't get a lot of pop-up ads).
    On many webpages, random words are showing as hyperlinks, and when I put my mouse on the link, an advertisement shows up.
    When I open Internet Explorer, my Microsoft Security Essentials shows FastSave App adware, and even though I delete it every time, it keeps coming back. Here is the file:

    file:C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3APVGCHT\fs[1].js

    I ran a complete scan with Microsoft Security Essentials and Malwarebytes Antimalware with neither finding any issues.


    HJT

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:59:33 AM, on 1/20/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Users\john\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Browse2save - {E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - C:\ProgramData\Browse2save\50d245f133d9f.ocx
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN24P5626J05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
    O4 - Startup: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/activex/COPPDetector.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c9ede193da3c50) (gupdate1c9ede193da3c50) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14656 bytes


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/21/2008 5:34:35 AM
    System Uptime: 1/19/2013 6:44:37 PM (18 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30F4
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | CPU | 1600/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 141.32 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.873 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0006
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0006
    Service: tunnel
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart C4700
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart C4700
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet CP2025dn
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet CP2025dn
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 4000 Series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4000 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart 6510 series
    Device ID: ROOT\MULTIFUNCTION\0008
    Manufacturer: HP
    Name: Photosmart 6510 series
    PNP Device ID: ROOT\MULTIFUNCTION\0008
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0009
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0009
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    AAC Decoder
    Acrobat.com
    Adobe After Effects 7.0
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe ExtendScript Toolkit 1.0
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop CS
    Adobe Photoshop Elements 6.0
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Agere Systems HDA Modem
    AIM 6
    Air Mouse Server
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AutoUpdate
    Blackboard IM 4.0.1-C
    Bonjour
    Browse2save
    BufferChm
    C4700
    CamStudio
    Cards_Calendar_OrderGift_DoMorePlugout
    CCScore
    CleanUp!
    Codec Pack - All In 1 6.0.3.0
    Color Finesse
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    Cycore FX 1.0.1 for After Effects
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    DNA
    Doxillion Document Converter
    eBook: Marketing Education Study Guide
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Facebook Plug-In
    FileZilla Client 3.1.6
    FirstClass® Client
    GIMP 2.6.7
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Google Updater
    GPBaseService2
    GPL Ghostscript 8.63
    H.264 Decoder
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HotPotatoes v 6.3.0.4
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Doc Viewer
    HP Help and Support
    HP Imaging Device Functions 13.0
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Photo Creations
    HP Photosmart 6510 series Basic Device Software
    HP Photosmart 6510 series Help
    HP Photosmart 6510 series Product Improvement Study
    HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
    HP Photosmart Essential 2.5
    HP Print Projects 1.0
    HP Quick Launch Buttons 6.40 D3
    HP QuickPlay 3.7
    HP QuickTouch 1.00 D2
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0103
    HP Wireless Assistant
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    hpWLPGInstaller
    IDT Audio
    ImTOO DVD Ripper Platinum 5
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Jing
    JMicron JMB38X Flash Media Controller
    Keylight 1.1v1 for After Effects 7.0
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    LabelPrint
    LAME v3.98.2 for Audacity
    LightScribe System Software 1.12.33.2
    LightScribe Template Labeler
    Logitech Harmony Remote Software
    Logitech Vid HD
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Fireworks MX 2004
    Macromedia Flash MX 2004
    Macromedia FreeHand MXa
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MKV Splitter
    MobileMe Control Panel
    Monkey Merge
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 14.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    netbrdg
    Network64
    Notifier
    NVIDIA Drivers
    OfotoXMI
    OJOsoft Total Video Converter
    OpenOffice.org 3.0
    Oracle JInitiator 1.3.1.28
    PCDADDIN
    PCDHELP
    PDFCreator
    PDFill PDF Editor with FREE PDF Writer and Tools
    pdfsam
    PhotoNow!
    PixiePack Codec Pack
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    PS_AIO_06_C4700_SW_Min
    PSSWCORE
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Segoe UI
    SFR
    SHASTA
    Shop for HP Supplies
    SKIN0001
    SKINXSDK
    Skype Toolbars
    Skype™ 5.10
    Slingbox Flash Tour
    SlingPlayer
    SmartWebPrinting
    SolutionCenter
    staticcr
    Status
    Synaptics Pointing Device Driver
    Teachertube Video Downloader 3.13
    Toolbox
    tooltips
    TrayApp
    Tunebite
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Vista Codec Package
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.0.3
    VPRINTOL
    WebEx
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinSCP
    WIRELESS
    Wisdom-soft ScreenHunter 5.0 Free
    Yahoo! Messenger
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
    Run by john at 12:00:06 on 2013-01-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1417 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Photosmart 6510 series\bin\HPNetworkCommunicator.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://search.easylifeapp.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Tunebite_WebRipPlugin Class: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Browse2save Class: {E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - C:\ProgramData\Browse2save\50d245f133d9f.ocx
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Aim6] <no file>
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{8F5BB565-6DF2-4875-B406-B92AC47A99CE} : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    TCP: Interfaces\{F7787392-20A7-48D8-BBE3-5F50AEADFE43} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs=
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13128.dll
    FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Users\john\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\john\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\john\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2012-12-19 17:55; [email protected]; C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-21 52856]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-6-27 89088]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 28464]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-23 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-1-18 682344]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-6-5 341328]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-6-5 193840]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-4-11 125328]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-6-22 24176]
    R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-7-21 4730368]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9ede193da3c50;Google Update Service (gupdate1c9ede193da3c50);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-15 133104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-13 89920]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-09 08:03:27 67599240 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-09 04:08:52 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 04:08:52 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-04 13:23:30 5724160 ----a-w- C:\Windows\System32\mshtml.dll
    2013-01-04 13:03:12 3620864 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
    2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
    2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-10 02:08:38 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-10 01:48:26 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-27 04:26:19 1032192 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-27 04:26:05 1428992 ----a-w- C:\Windows\System32\urlmon.dll
    2012-10-27 04:26:05 108544 ----a-w- C:\Windows\System32\url.dll
    2012-10-27 04:24:27 1129984 ----a-w- C:\Windows\System32\mstime.dll
    2012-10-27 04:24:15 761344 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-10-27 04:24:15 623616 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-10-27 04:23:44 32256 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-10-27 04:23:32 7050752 ----a-w- C:\Windows\System32\ieframe.dll
    2012-10-27 04:23:32 375808 ----a-w- C:\Windows\System32\iertutil.dll
    2012-10-27 04:23:32 249856 ----a-w- C:\Windows\System32\iepeers.dll
    2012-10-27 04:23:32 224768 ----a-w- C:\Windows\System32\ieui.dll
    2012-10-27 04:23:31 422400 ----a-w- C:\Windows\System32\ieapfltr.dll
    2012-10-27 03:52:52 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-27 03:52:43 1176576 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-10-27 03:52:43 106496 ----a-w- C:\Windows\SysWow64\url.dll
    2012-10-27 03:51:30 671232 ----a-w- C:\Windows\SysWow64\mstime.dll
    2012-10-27 03:51:18 479232 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-10-27 03:51:17 498688 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-10-27 03:50:53 27648 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-10-27 03:50:41 6118400 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-10-27 03:50:41 380928 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
    2012-10-27 03:50:41 270336 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-10-27 03:50:41 193024 ----a-w- C:\Windows\SysWow64\iepeers.dll
    2012-10-27 03:50:41 180736 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-10-27 03:00:43 485376 ----a-w- C:\Windows\System32\html.iec
    2012-10-27 02:14:21 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2003-03-21 17:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx
    .
    ============= FINISH: 12:00:49.11 ===============


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-20 18:48:52
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C 298.09GB
    Running: 29fk6m7x.exe; Driver: C:\Users\john\AppData\Local\Temp\kxldypog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000771e9475 8 bytes {MOV EDX, 0xb03a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 00000000771e947f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000771e94ed 8 bytes {MOV EDX, 0xb01a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000771e94f7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000771e95f5 8 bytes {MOV EDX, 0xb0168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000771e95ff 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000771e969d 8 bytes {MOV EDX, 0xb03e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000771e96a7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000771e96cd 8 bytes {MOV EDX, 0xb0328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000771e96d7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000771e96e5 8 bytes {MOV EDX, 0xb0128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000771e96ef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000771e96fd 8 bytes {MOV EDX, 0xb04a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 00000000771e9707 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000771e972d 8 bytes {MOV EDX, 0xb04e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 00000000771e9737 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000771e97a5 8 bytes {MOV EDX, 0xb0468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000771e97af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000771e97bd 8 bytes {MOV EDX, 0xb0428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000771e97c7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000771e9805 8 bytes {MOV EDX, 0xb0068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 00000000771e980f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 00000000771e9865 8 bytes {MOV EDX, 0xb02a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 00000000771e986f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000771e98f5 8 bytes {MOV EDX, 0xb00a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 00000000771e98ff 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 00000000771e9a2d 8 bytes {MOV EDX, 0xb0268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 00000000771e9a37 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771e9b35 8 bytes {MOV EDX, 0xb0028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000771e9b3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 00000000771ea20d 8 bytes {MOV EDX, 0xb0228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 00000000771ea217 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 00000000771ea9fd 8 bytes {MOV EDX, 0xb01e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 00000000771eaa07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771eaa45 8 bytes {MOV EDX, 0xb0368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000771eaa4f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000771eaabd 8 bytes {MOV EDX, 0xb02e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000771eaac7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000771eacb5 8 bytes {MOV EDX, 0xb00e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000771eacbf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075710c0f 5 bytes JMP 00000001000100b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075710c44 5 bytes JMP 00000001000100f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateEventW 0000000075711b2d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!OpenEventW 000000007571f0c5 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076024a48 5 bytes JMP 00000001000c01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076024c6a 5 bytes JMP 00000001000c03b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076024d90 5 bytes JMP 00000001000c05f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076024f32 5 bytes JMP 00000001000c0a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076024fdd 5 bytes JMP 00000001000c08f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000760252e2 5 bytes JMP 00000001000c0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076025dfe 5 bytes JMP 00000001000c06b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076025f04 5 bytes JMP 00000001000c0370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076026513 5 bytes JMP 00000001000c0570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000760265da 5 bytes JMP 00000001000c0530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076026700 5 bytes JMP 00000001000c0770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076026d9c 5 bytes JMP 00000001000c0d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetTextAlign 000000007602705b 5 bytes JMP 00000001000c09f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000760271f5 5 bytes JMP 00000001000c0470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007602746b 5 bytes JMP 00000001000c09b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000760277c7 5 bytes JMP 00000001000c02f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076027911 5 bytes JMP 00000001000c05b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076027a2c 1 byte JMP 00000001000c0e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW + 2 0000000076027a2e 3 bytes {JMP 0xffffffff8a099404}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076027b87 5 bytes JMP 00000001000c03f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076027c12 5 bytes JMP 00000001000c0970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076028063 5 bytes JMP 00000001000c0330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000760284ff 5 bytes JMP 00000001000c0db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 000000007602984a 5 bytes JMP 00000001000c0d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076029dcd 5 bytes JMP 00000001000c0c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007602a1f3 5 bytes JMP 00000001000c06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007602a4dc 5 bytes JMP 00000001000c0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!LineTo 000000007602aafd 5 bytes JMP 00000001000c0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007602b122 5 bytes JMP 00000001000c0df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007602dea1 5 bytes JMP 00000001000c0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007602e111 5 bytes JMP 00000001000c00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateDCA 000000007602e1cd 5 bytes JMP 00000001000c00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 000000007602f1d6 5 bytes JMP 00000001000c0cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007602f4e2 5 bytes JMP 00000001000c0930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007602fb42 5 bytes JMP 00000001000c0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076031551 5 bytes JMP 00000001000c02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!Escape 0000000076031c25 5 bytes JMP 00000001000c0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000760321ca 5 bytes JMP 00000001000c0ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076032825 5 bytes JMP 00000001000c0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076035212 5 bytes JMP 00000001000c0b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000760353e0 5 bytes JMP 00000001000c0b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076049bcf 5 bytes JMP 00000001000c0cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007604c02b 5 bytes JMP 00000001000c0bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007604c432 5 bytes JMP 00000001000c0bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007604c8c9 5 bytes JMP 00000001000c0c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076052501 5 bytes JMP 00000001000c0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndDoc 000000007605291b 5 bytes JMP 00000001000c01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076052a0c 5 bytes JMP 00000001000c0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076053536 5 bytes JMP 00000001000c07f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076053ced 5 bytes JMP 00000001000c0830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076053d44 5 bytes JMP 00000001000c0af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076053d9f 5 bytes JMP 00000001000c0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076053df6 5 bytes JMP 00000001000c0a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007605402e 5 bytes JMP 00000001000c07b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!FillPath 00000000760540c0 5 bytes JMP 00000001000c0870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolylineTo 000000007605452d 5 bytes JMP 00000001000c04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000760545bd 5 bytes JMP 00000001000c04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolyDraw 000000007605466e 5 bytes JMP 00000001000c08b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClientRect 000000007596840d 7 bytes JMP 00000001000d05b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007596920b 7 bytes JMP 00000001000d0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075969434 7 bytes JMP 00000001000d06b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetTopWindow 000000007596973b 7 bytes JMP 00000001000d0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075969c90 5 bytes JMP 00000001000d05f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 000000007596a2a0 5 bytes JMP 00000001000d02f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007596a71a 5 bytes JMP 00000001000d02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetParent 000000007596bebb 7 bytes JMP 00000001000d06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetCursor 000000007596c153 5 bytes JMP 00000001000d0530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007596c657 5 bytes JMP 00000001000d0570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007596ec54 5 bytes JMP 00000001000d04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007596eca3 5 bytes JMP 00000001000d0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 000000007596f09d 7 bytes JMP 00000001000d0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000075972152 5 bytes JMP 00000001000d00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 000000007597216f 5 bytes JMP 00000001000d0330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000759722f3 5 bytes JMP 00000001000d00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!OpenClipboard 000000007597230e 5 bytes JMP 00000001000d0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007597254d 5 bytes JMP 00000001000d03f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000075972568 5 bytes JMP 00000001000d01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000075972583 5 bytes JMP 00000001000d01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000075972620 5 bytes JMP 00000001000d0370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000075972776 5 bytes JMP 00000001000d0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!EmptyClipboard 000000007598727e 5 bytes JMP 00000001000d0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075987299 5 bytes JMP 00000001000d0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 000000007598741f 5 bytes JMP 00000001000d0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000759874bc 5 bytes JMP 00000001000d0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000759a2a58 5 bytes JMP 00000001000d0770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000759c5c8c 5 bytes JMP 00000001000d04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000759c5f95 5 bytes JMP 00000001000d0470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000759c610c 5 bytes JMP 00000001000d03b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!FreeContextBuffer 0000000075331a93 5 bytes JMP 00000001000e00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!DeleteSecurityContext 0000000075331c28 5 bytes JMP 00000001000e0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!FreeCredentialsHandle 00000000753322ea 5 bytes JMP 00000001000e0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!EncryptMessage 000000007533333b 5 bytes JMP 00000001000e01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!DecryptMessage 0000000075333409 5 bytes JMP 00000001000e0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!InitializeSecurityContextA 0000000075335f09 5 bytes JMP 00000001000e0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!AcquireCredentialsHandleA 0000000075336021 5 bytes JMP 00000001000e0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!QueryContextAttributesA 00000000753363d9 5 bytes JMP 00000001000e0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!ApplyControlToken 000000007533ddc0 5 bytes JMP 00000001000e01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!QueryCredentialsAttributesA 000000007533dfc3 5 bytes JMP 00000001000e00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075b174c9 5 bytes JMP 00000001001000b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075b411e3 5 bytes JMP 0000000100100030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075b4a8f9 5 bytes JMP 0000000100100070

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4860] 000000006a5e6314
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:1088] 000000006a5e539b
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2500] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3132] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:5052] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4912] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4124] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3656] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2972] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2964] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2776] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4524] 0000000075493402
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4904] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4240] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3272] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3516] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4648] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4676] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2616] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4536] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3472] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3164] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4740] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4692] 00000000771ddd19
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3992] 000000007726810d
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3796] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4584] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:552] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4116] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4444] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2488] 0000000074ba13dd
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3336] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:5004] 0000000075146488
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2440] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:508] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4852] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4272] 000000006d48c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4580] 0000000075493402
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4420] 0000000075ae57e9
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:1516] 000000006a5e539b
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3916] 000000006e53eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3464] 000000006e53eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3100] 00000000771ddd19
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:2152] 000000007726810d
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:1092] 000000006e53eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3276] 000000006e53eb50

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021862eae76
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021862eae76 (not active ControlSet)

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  2. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Any ideas of where I can start? Other scans I can run? Flip a coin?
     
  3. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Friendly bump... just looking for some hints.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
Download AdwCleaner by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

    • Quit all running programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • The following EULA will appear, please select accept
    • Ensure MBR scan, Check faked and AntiRootkit are checked
    • Select Scan
    • When the scan completes select Report, copy and paste that to your reply.
    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

Post those two logs...

    Kevin
     
  5. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Thanks Kevin.

I ran AdwCleaner and have posted the scan below.

I tried to run RogueKiller and it ran the prescan OK, but after checking the appropriate boxes and trying to run the scan, it immediately stopped and closed out with a "A problem caused the program to stop working correctly" Windows error. I tried reinstalling it twice, and got the same error both times I tried to run it.

    Here is the AdwCleaner log. Let me know what I can try next, and thanks again.

    # AdwCleaner v2.109 - Logfile created 01/30/2013 at 18:39:07
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : john - JOHN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\john\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\clickpotatolite
    Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}
    Deleted on reboot : C:\Program Files (x86)\QuestBrwSearch
    Deleted on reboot : C:\Program Files (x86)\ShopperReports3
    Deleted on reboot : C:\ProgramData\Browse2save
    Deleted on reboot : C:\ProgramData\InstallMate
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
    Deleted on reboot : C:\ProgramData\QuestBrwSearch
    Deleted on reboot : C:\ProgramData\Viewpoint
    Deleted on reboot : C:\Users\john\AppData\Local\Ilivid Player
    Deleted on reboot : C:\Users\john\AppData\LocalLow\Billeo
    Deleted on reboot : C:\Users\john\AppData\LocalLow\Browse2save
    Deleted on reboot : C:\Users\john\AppData\Roaming\clickpotatolite
    Deleted on reboot : C:\Users\john\AppData\Roaming\ShopperReports3
    Deleted on reboot : C:\Users\john\Documents\Billeo
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465E08E7-F005-4389-980F-1D8764B3486C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6002.18005

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\prefs.js

    Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Deleted : user_pref("aol_toolbar.default.search.check", false);
    Deleted : user_pref("extensions.50d245f133cc8.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [6696 octets] - [30/01/2013 18:39:07]

    ########## EOF - C:\AdwCleaner[S1].txt - [6756 octets] ##########
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    OK, run the following:

    Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from the following link:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the Recovery Console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Here you go-- thanks!

    ComboFix 13-02-01.04 - john 02/01/2013 17:26:14.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1901 [GMT -5:00]
    Running from: c:\users\john\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\program files (x86)\ClickPotatoLite
    c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
    c:\program files (x86)\QuestBrwSearch
    c:\program files (x86)\ShopperReports3
    c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
    c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
    c:\programdata\QuestBrwSearch
    c:\users\john\Desktop\Malware Protection.lnk
    c:\windows\iun6002.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-01 22:38 . 2013-02-01 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-30 23:45 . 2013-01-30 23:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDC1344-2362-4FDB-823D-E6563DD46DDE}\offreg.dll
    2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-01-30 04:22 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDC1344-2362-4FDB-823D-E6563DD46DDE}\mpengine.dll
    2013-01-27 13:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
    2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
    2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
    2012-12-19 22:55 129024 ----a-w- c:\programdata\Browse2save\50d245f133d9f.ocx
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 20:45 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
    .
    2013-01-20 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2013-01-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
    .
    2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-01 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2013-02-01 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://search.easylifeapp.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
    DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
    FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
    FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Aim6 - (no file)
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
    AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    @DACL=(02 0010)
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @DACL=(02 0010)
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2013-02-01 17:41:23
    ComboFix-quarantined-files.txt 2013-02-01 22:41
    .
    Pre-Run: 149,281,456,128 bytes free
    Post-Run: 149,971,009,536 bytes free
    .
    - - End Of File - - EA9C02886478E491791FC6D20ACF85F9
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    Folder::
    c:\programdata\Browse2save
    Files::
    c:\program files (x86)\Common Files\keyhelp.ocx
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan; Vista and Win 7 users, right click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those logs, let me know if there are any remaining issues or concerns...

    Kevin...
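    The Reg Loading Points and Supplementary Scan sections of the ComboFix log above are where the Browse2save Browser Helper Object (backed by a file under c:\programdata rather than Program Files) and the search.easylifeapp.com start-page and search entries show up, and those are exactly the items the CFScript and AdwCleaner runs removed. The Python script below is an added example for readers of this thread; it is not part of any post here and is not a ComboFix or AdwCleaner tool. It parses those two kinds of log line from a constructed sample and flags BHOs loading from outside Program Files or Windows and search-related prefs whose host is not one the owner expects. The second BHO entry ({AAAAAAAA-...}, c:\program files (x86)\Vendor\helper.dll) and the EXPECTED_HOSTS list are made up for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the ComboFix log lines in this thread.
# The second BHO entry ({AAAAAAAA-...}, c:\program files (x86)\Vendor\helper.dll)
# is made up so the script has a benign entry to contrast with.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
2012-12-19 22:55 129024 ----a-w- c:\programdata\Browse2save\50d245f133d9f.ocx
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000001}]
2010-03-13 10:00 91520 ----a-w- c:\program files (x86)\Vendor\helper.dll
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
"""

# Hosts the machine's owner would expect in start-page / search prefs (assumed for this example).
EXPECTED_HOSTS = {"ie.redirect.hp.com", "www.charlotteobserver.com"}

# Legitimate BHOs are installed under Program Files or Windows; adware is routinely
# dropped into ProgramData or AppData instead, which is the heuristic used here.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

BHO_HEADER = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
START_PAGE = re.compile(r"^([um](?:Start Page|Default_Page_URL)) = (\S+)$")


def parse_bhos(log):
    """Return (clsid, backing_file) for each BHO entry; backing_file is None if the log shows none."""
    lines = [ln.strip() for ln in log.splitlines()]
    bhos = []
    for i, line in enumerate(lines):
        m = BHO_HEADER.match(line)
        if not m:
            continue
        backing = None
        # ComboFix prints the file line directly under the key header.
        for follow in lines[i + 1:i + 3]:
            f = FILE_LINE.match(follow)
            if f:
                backing = f.group(1)
                break
        bhos.append((m.group(1), backing))
    return bhos


def suspicious_bhos(log):
    """BHOs whose DLL/OCX is missing or lives outside Program Files / Windows."""
    return [(clsid, path) for clsid, path in parse_bhos(log)
            if path is None or not path.lower().startswith(TRUSTED_ROOTS)]


def refang(url):
    """ComboFix writes hxxp:// so log URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def search_prefs(log):
    """(pref name, url) for IE start pages and Firefox search/home prefs found in the log."""
    found = []
    for line in log.splitlines():
        line = line.strip()
        m = PREF_LINE.match(line) or START_PAGE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def hijacked_prefs(log, expected_hosts):
    """Prefs whose host is not one the owner expects: the search-hijack signature."""
    flagged = []
    for name, url in search_prefs(log):
        host = (urlparse(refang(url)).hostname or "").lower()
        if host not in expected_hosts:
            flagged.append((name, host))
    return flagged


if __name__ == "__main__":
    for clsid, path in suspicious_bhos(SAMPLE_LOG):
        print(f"BHO {clsid} loads from an untrusted location: {path}")
    for name, host in hijacked_prefs(SAMPLE_LOG, EXPECTED_HOSTS):
        print(f"{name} points at unexpected host {host}")
```

    The location heuristic is deliberately coarse: it will not catch adware that installs itself under Program Files, but it surfaces exactly the Browse2save pattern seen in this thread, and the prefs check reports every search-controlling setting that has been redirected, which is the list a CFScript or AdwCleaner pass needs to undo.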
     
  9. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Thanks!

    C:\Qoobox\Quarantine\C\ProgramData\Browse2save\50d245f133d9f.ocx.vir Win32/Adware.MultiPlug.D application
    C:\Qoobox\Quarantine\C\ProgramData\Browse2save\50d245f133dd7.html.vir Win32/Adware.MultiPlug.H application
    C:\Qoobox\Quarantine\C\ProgramData\Browse2save\fbdgppmpckoccnmiokeealgedplkpkii.crx.vir Win32/Adware.MultiPlug.H application
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b859.25718434.js Win32/Adware.MultiPlug.H application
    C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application
    Results of screen317's Security Check version 0.99.57
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    Malwarebytes Anti-Malware version 1.70.0.1100
    HijackThis 2.0.2
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (18.0.1)
    Mozilla Thunderbird 14.0. Thunderbird out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     
  10. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    I've still got random hyperlinks showing up on any web page I view. A little popup window comes up when you mouse over it, and if you click it, it takes you to some type of spam page like "pricedazzler" or something like that.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Where is the Combofix log? Also, can you post a screen shot of the following as it happens:

     
  12. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    See attached Word doc.
     

  13. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    ComboFix 13-02-01.04 - john 02/02/2013 10:55:29.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2057 [GMT -5:00]
    Running from: c:\users\john\Desktop\ComboFix.exe
    Command switches used :: c:\users\john\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Browse2save
    c:\programdata\Browse2save\50d245f133d9f.ocx
    c:\programdata\Browse2save\50d245f133dd7.html
    c:\programdata\Browse2save\50d245f133e10.js
    c:\programdata\Browse2save\fbdgppmpckoccnmiokeealgedplkpkii.crx
    c:\programdata\Browse2save\settings.ini
    c:\programdata\Browse2save\uninstall.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-02 16:05 . 2013-02-02 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-02 04:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22240227-A262-490E-ADDA-F6076F8D9F99}\mpengine.dll
    2013-02-01 22:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 10:53 . 2009-10-03 11:14 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
    2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
    2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-02 04:07 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
    .
    2013-01-20 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2013-01-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-02 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2013-02-01 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://search.easylifeapp.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
    DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
    FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
    FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - c:\programdata\Browse2save\50d245f133d9f.ocx
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
    AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
    AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    @DACL=(02 0010)
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @DACL=(02 0010)
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2013-02-02 11:07:58
    ComboFix-quarantined-files.txt 2013-02-02 16:07
    ComboFix2.txt 2013-02-01 22:41
    .
    Pre-Run: 149,322,416,128 bytes free
    Post-Run: 149,316,870,144 bytes free
    .
    - - End Of File - - E61672E2A1A5DB528E8688D4E7B379CF
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Run the following:

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    File::
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b8 59.25718434.js
    C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js 
    DDS::
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://search.easylifeapp.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
    Firefox::
    FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Open Malwarebytes, check for updates, then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop.:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post both logs, give update on current issues/concerns.

    Kevin
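The CFScript above tells ComboFix to delete two extension files and reset the IE start pages and the Firefox search/keyword prefs. Whether a script like this actually took is easiest to see by pulling the browser-related lines out of the ComboFix log from before the run and the one from after it, and diffing them against a short indicator list. The Python below is an added example, not code from this thread or from ComboFix itself; the indicator list (easylifeapp.com, Browse2save) and the two sample log excerpts are constructed from the logs posted in this thread, and the parser only understands the handful of line shapes those logs use (uStart/mStart/mDefault_Page_URL, FF prefs.js lines, and BHO entries either as a registry key or under ORPHANS REMOVED).

```python
"""Triage helper for ComboFix-style logs.

Added example, not code from this thread or from ComboFix itself. It pulls
the browser-hijack-relevant lines (IE start pages, Firefox prefs.js search
and keyword settings, Browser Helper Objects) out of a ComboFix log, flags
the ones that mention a known indicator, and diffs two runs so you can see
what a CFScript actually removed and what came back.
"""
import re

# Constructed indicator list, taken from what the logs in this thread show:
# the search-hijack domain and the adware folder under c:\programdata.
INDICATORS = ("easylifeapp.com", "browse2save")

START_PAGE_RE = re.compile(r"^(uStart Page|mStart Page|mDefault_Page_URL)\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$")
# Active BHO: a registry key line followed by the DLL/OCX path on the next line.
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
# BHO listed under "ORPHANS REMOVED": GUID and path on one line.
BHO_ORPHAN_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]+\})\s*-\s*(.+)$")


def extract_settings(log: str) -> dict:
    """Map each browser-related setting in a ComboFix log to its value.

    Keys are the IE page name, "FF:<pref>" or "BHO:{GUID}". Active and
    orphaned BHOs share the "BHO:" key so a diff treats them as one item.
    """
    settings = {}
    lines = [line.strip() for line in log.splitlines()]
    for i, line in enumerate(lines):
        m = START_PAGE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
            continue
        m = FF_PREF_RE.match(line)
        if m:
            settings["FF:" + m.group(1)] = m.group(2).strip()
            continue
        m = BHO_ORPHAN_RE.match(line)
        if m:
            settings["BHO:" + m.group(1).upper()] = m.group(2).strip()
            continue
        m = BHO_KEY_RE.match(line)
        if m and i + 1 < len(lines):
            settings["BHO:" + m.group(1).upper()] = lines[i + 1]
    return settings


def flag_indicators(settings: dict, indicators=INDICATORS) -> dict:
    """Keep only settings whose value mentions a known indicator (case-insensitive)."""
    return {k: v for k, v in settings.items()
            if any(ind.lower() in v.lower() for ind in indicators)}


def compare_logs(before: str, after: str) -> dict:
    """Classify flagged items as removed, persisted or new between two runs."""
    b = flag_indicators(extract_settings(before))
    a = flag_indicators(extract_settings(after))
    return {"removed": sorted(set(b) - set(a)),
            "persisted": sorted(set(b) & set(a)),
            "new": sorted(set(a) - set(b))}


# Constructed excerpts of the two ComboFix logs posted in this thread
# (before and after the CFScript run), trimmed to the lines that matter.
BEFORE_LOG = r"""
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
mLocal Page = %SystemRoot%\system32\blank.htm
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - c:\programdata\Browse2save\50d245f133d9f.ocx
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
"""

AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
c:\programdata\Browse2save\50d245f133d9f.ocx [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
"""

if __name__ == "__main__":
    for kind, items in compare_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{kind:9s}: {items}")
```

On the two excerpts the Firefox search and keyword prefs show up as removed, while the IE mStart Page and the Browse2save BHO show up as persisted: exactly the two items a reviewer would want to chase in the next round rather than read past in a 300-line log.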
     
  15. jthompsonjr

    jthompsonjr Thread Starter

    Joined:
    Nov 19, 2006
    Messages:
    108
    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.03.11

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    john :: JOHN-PC [administrator]

    Protection: Disabled

    2/3/2013 6:37:38 PM
    mbam-log-2013-02-03 (18-37-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220946
    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    ComboFix 13-02-01.04 - john 02/03/2013 18:12:51.3.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1643 [GMT -5:00]
    Running from: c:\users\john\Desktop\ComboFix.exe
    Command switches used :: c:\users\john\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b8 59.25718434.js"
    "c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 23:21 . 2013-02-03 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-03 19:44 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E15BD103-5E1B-4AB6-8577-C377E6431F0F}\mpengine.dll
    2013-02-02 22:10 . 2013-02-02 22:10 -------- d-----w- c:\program files (x86)\ESET
    2013-02-02 04:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 10:53 . 2009-10-03 11:14 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
    2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
    2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
    c:\programdata\Browse2save\50d245f133d9f.ocx [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-02 04:07 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
    .
    2013-02-03 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2013-02-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
    .
    2013-02-03 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2013-02-02 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://search.easylifeapp.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
    DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
    FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
    FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
    AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
    AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    @DACL=(02 0010)
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @DACL=(02 0010)
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2013-02-03 18:24:41
    ComboFix-quarantined-files.txt 2013-02-03 23:24
    ComboFix2.txt 2013-02-02 16:08
    ComboFix3.txt 2013-02-01 22:41
    .
    Pre-Run: 151,037,857,792 bytes free
    Post-Run: 150,993,289,216 bytes free
    .
    - - End Of File - - 2F380BD63406D98D2A4B7106DAE13F84
     
Short URL to this thread: https://techguy.org/1086161
