[Solved] Help needed to determine if my machine is infected.

Discussion in 'Virus and Malware Removal' started by bobbygeorge, Jan 3, 2011.

  1. bobbygeorge Newcomer, in training

    Sorry: looks like AVG messed it up. Will try again.
  2. bobbygeorge Newcomer, in training

    ComboFix 11-01-06.03 - Seano 09/01/2011 5:44.4.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.4094.2505 [GMT 0:00]
    Running from: c:\users\Seano\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
    .

    2011-01-09 05:48 . 2011-01-09 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-08 01:04 . 2009-11-08 10:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-01-08 01:04 . 2009-11-08 10:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-01-08 01:04 . 2009-11-08 10:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-01-08 01:04 . 2009-11-08 10:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-01-08 01:04 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-01-07 21:29 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
    2011-01-07 21:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-07 21:27 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-01-07 21:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2011-01-07 21:26 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2011-01-07 21:26 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2011-01-07 21:26 . 2010-05-27 19:16 738816 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-01-07 17:19 . 2011-01-07 17:19 -------- d-----w- c:\programdata\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2011-01-07 17:19 . 2011-01-07 17:19 -------- d-----w- c:\program files (x86)\Activation Assistant for the 2007 Microsoft Office suites
    2011-01-07 17:17 . 2011-01-07 17:17 -------- d-----w- c:\windows\PCHEALTH
    2011-01-07 17:17 . 2011-01-07 17:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-01-07 17:16 . 2011-01-07 17:19 -------- d-----w- c:\programdata\Microsoft Help
    2011-01-07 17:15 . 2011-01-07 17:15 -------- d-----r- C:\MSOCache
    2011-01-07 16:59 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
    2011-01-07 16:22 . 2011-01-07 16:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-07 16:10 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
    2011-01-07 16:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
    2011-01-07 16:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
    2011-01-07 16:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2011-01-07 16:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
    2011-01-07 16:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2011-01-07 16:01 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
    2011-01-07 16:01 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
    2011-01-07 15:58 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
    2011-01-07 15:58 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
    2011-01-07 15:54 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
    2011-01-07 15:54 . 2010-04-14 17:45 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-01-07 15:54 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-01-07 15:54 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-01-07 15:54 . 2010-04-14 17:46 428544 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-01-07 05:18 . 2011-01-07 05:18 -------- d-----w- C:\_OTM
    2011-01-07 03:59 . 2011-01-07 03:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-07 03:59 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-07 03:59 . 2011-01-07 03:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-07 03:28 . 2010-08-31 15:41 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2011-01-07 03:28 . 2010-08-31 15:41 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2011-01-07 03:28 . 2009-09-10 15:48 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2011-01-07 03:28 . 2009-09-10 15:21 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
    2011-01-07 03:28 . 2009-09-10 15:21 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
    2011-01-07 03:25 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\SysWow64\msxml6.dll
    2011-01-07 03:25 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-01-07 03:25 . 2009-10-23 17:42 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-01-07 03:25 . 2010-09-10 15:51 171008 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2011-01-07 03:25 . 2010-09-10 16:35 168960 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2011-01-07 03:25 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2011-01-07 03:24 . 2010-01-25 08:35 523776 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
    2011-01-07 03:24 . 2010-01-25 08:34 511488 ----a-w- c:\windows\SysWow64\RMActivate.exe
    2011-01-07 03:24 . 2010-01-25 12:48 472576 ----a-w- c:\windows\SysWow64\secproc_isv.dll
    2011-01-07 03:24 . 2010-01-25 12:48 472064 ----a-w- c:\windows\SysWow64\secproc.dll
    2011-01-07 03:24 . 2010-01-25 08:35 346624 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
    2011-01-07 03:24 . 2010-01-25 08:34 347136 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
    2011-01-07 03:24 . 2010-01-25 12:48 151040 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
    2011-01-07 03:24 . 2010-01-25 12:48 151040 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
    2011-01-07 03:24 . 2010-01-25 12:45 329216 ----a-w- c:\windows\SysWow64\msdrm.dll
    2011-01-07 03:24 . 2010-01-29 16:41 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-01-07 03:24 . 2010-01-29 16:22 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
    2011-01-07 03:22 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\SysWow64\msxml3.dll
    2011-01-07 03:21 . 2009-07-14 13:00 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll
    2011-01-07 02:52 . 2011-01-07 02:52 -------- d-----w- c:\program files (x86)\ESET
    2011-01-07 02:06 . 2011-01-07 02:06 -------- d--h--w- c:\programdata\Common Files
    2011-01-07 02:05 . 2011-01-09 04:09 -------- d-----w- c:\programdata\AVG10
    2011-01-07 02:04 . 2011-01-07 02:04 -------- d-----w- c:\program files (x86)\AVG
    2011-01-07 01:39 . 2011-01-07 02:04 -------- d-----w- c:\programdata\MFAData
    2011-01-07 01:34 . 2010-01-15 00:04 98304 ----a-w- c:\windows\SysWow64\cabview.dll
    2011-01-07 01:34 . 2009-12-23 12:43 171520 ----a-w- c:\windows\SysWow64\wintrust.dll
    2011-01-07 01:20 . 2009-08-07 02:24 35552 ----a-w- c:\windows\SysWow64\wups.dll
    2011-01-07 01:20 . 2009-08-07 02:23 575704 ----a-w- c:\windows\SysWow64\wuapi.dll
    2011-01-07 01:20 . 2009-08-07 01:44 87552 ----a-w- c:\windows\SysWow64\wudriver.dll
    2011-01-07 01:20 . 2009-08-06 19:23 171608 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2011-01-07 01:20 . 2009-08-06 18:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2011-01-07 00:07 . 2011-01-07 00:08 -------- d-----w- c:\program files (x86)\Microsoft Works
    2011-01-07 00:06 . 2011-01-07 05:58 -------- d-----w- c:\users\Seano

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 02:00 . 2009-06-11 15:53 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2011-01-09_04.19.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-01-07 19:54 . 2011-01-08 17:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-07 19:54 . 2011-01-09 04:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-07 19:54 . 2011-01-09 04:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-07 19:54 . 2011-01-08 17:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-07 06:44 . 2011-01-09 05:36 158542 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
    "Google Update"="c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-07 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
    R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/11 16:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-03-19 09:54 146928]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2008-09-26 804864]


    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139329902-3773949464-2642598458-1000Core.job
    - c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 02:39]

    2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139329902-3773949464-2642598458-1000UA.job
    - c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 02:39]

    2011-01-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
    "SmartMenu"="%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=93&bd=Pavilion&pf=cndt
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=93&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-IE\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    @SACL=
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @SACL=
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @SACL=
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-01-09 05:50:39
    ComboFix-quarantined-files.txt 2011-01-09 05:50
    ComboFix2.txt 2011-01-09 04:22
    ComboFix3.txt 2011-01-07 05:35
    ComboFix4.txt 2011-01-07 05:12

    Pre-Run: 427,441,881,088 bytes free
    Post-Run: 427,418,591,232 bytes free

    - - End Of File - - ECBDF7A20348A3ABC51FAC214F9AFACD


    C:\_OTM\MovedFiles\01072011_051843\C_Windows\System32\ezShellStart.exe probably unknown NewHeur_PE virus
  3. bobbygeorge Newcomer, in training

    A more recent log due to suspicious activity...

    ...i.e. I suspect people are trying to infect my machine again through sharing links with me on Facebook.


    ComboFix 11-01-11.01 - Seano 12/01/2011 5:32.5.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.4094.2623 [GMT 0:00]
    Running from: c:\users\Seano\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
    .

    2011-01-12 05:36 . 2011-01-12 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-12 05:31 . 2011-01-12 05:31 -------- d-----w- C:\32788R22FWJFW
    2011-01-09 21:18 . 2010-11-16 12:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74009AD9-72DC-4739-8FA7-1BFA6AB08183}\mpengine.dll
    2011-01-09 21:18 . 2010-10-19 10:41 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-08 01:04 . 2009-11-08 10:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-01-08 01:04 . 2009-11-08 10:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-01-08 01:04 . 2009-11-08 10:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2011-01-08 01:04 . 2009-11-08 10:55 444752 ----a-w- c:\windows\system32\mscoree.dll
    2011-01-08 01:04 . 2009-11-08 10:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-01-08 01:04 . 2009-11-08 10:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-01-08 01:04 . 2009-11-08 10:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-01-08 01:04 . 2009-11-08 10:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-01-08 01:04 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-01-08 01:04 . 2009-11-08 10:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-01-07 21:29 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
    2011-01-07 21:29 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
    2011-01-07 21:29 . 2010-03-05 14:32 612864 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-07 21:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-07 21:28 . 2009-11-03 22:42 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
    2011-01-07 21:27 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-01-07 21:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2011-01-07 21:26 . 2010-09-06 13:44 461824 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-01-07 21:26 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2011-01-07 21:26 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2011-01-07 21:26 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
    2011-01-07 21:26 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
    2011-01-07 21:26 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-01-07 21:26 . 2010-09-06 13:44 144896 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-01-07 21:26 . 2010-09-06 13:44 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-01-07 21:26 . 2010-05-27 20:01 975360 ----a-w- c:\windows\system32\inetcomm.dll
    2011-01-07 21:26 . 2010-05-27 19:16 738816 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-01-07 17:19 . 2011-01-07 17:19 -------- d-----w- c:\programdata\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2011-01-07 17:19 . 2011-01-07 17:19 -------- d-----w- c:\program files (x86)\Activation Assistant for the 2007 Microsoft Office suites
    2011-01-07 17:17 . 2011-01-07 17:17 -------- d-----w- c:\windows\PCHEALTH
    2011-01-07 17:17 . 2011-01-07 17:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-01-07 17:16 . 2011-01-07 17:19 -------- d-----w- c:\programdata\Microsoft Help
    2011-01-07 17:15 . 2011-01-07 17:15 -------- d-----r- C:\MSOCache
    2011-01-07 16:59 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-07 16:59 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
    2011-01-07 16:22 . 2011-01-07 16:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-07 16:10 . 2008-06-20 01:16 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-01-07 16:10 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
    2011-01-07 16:10 . 2008-06-20 01:16 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-01-07 16:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
    2011-01-07 16:10 . 2008-06-20 01:17 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-01-07 16:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
    2011-01-07 16:10 . 2008-06-20 01:16 167432 ----a-w- c:\windows\system32\infocardapi.dll
    2011-01-07 16:10 . 2008-06-20 01:16 1383936 ----a-w- c:\windows\system32\icardagt.exe
    2011-01-07 16:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2011-01-07 16:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
    2011-01-07 16:10 . 2008-06-20 01:17 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-01-07 16:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2011-01-07 16:01 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
    2011-01-07 16:01 . 2008-07-27 18:01 158208 ----a-w- c:\windows\system32\mscorier.dll
    2011-01-07 16:01 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
    2011-01-07 16:01 . 2008-07-27 18:01 76288 ----a-w- c:\windows\system32\mscories.dll
    2011-01-07 15:59 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2011-01-07 15:58 . 2010-02-20 23:44 32768 ----a-w- c:\windows\system32\nshhttp.dll
    2011-01-07 15:58 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
    2011-01-07 15:58 . 2010-02-20 23:42 33792 ----a-w- c:\windows\system32\httpapi.dll
    2011-01-07 15:58 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
    2011-01-07 15:58 . 2010-02-20 21:40 610304 ----a-w- c:\windows\system32\drivers\http.sys
    2011-01-07 15:54 . 2010-04-14 18:33 101376 ----a-w- c:\windows\system32\MSNP.ax
    2011-01-07 15:54 . 2010-04-14 18:33 227328 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-01-07 15:54 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
    2011-01-07 15:54 . 2010-04-14 17:45 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-01-07 15:54 . 2010-04-14 18:35 375808 ----a-w- c:\windows\system32\psisdecd.dll
    2011-01-07 15:54 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-01-07 15:54 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-01-07 15:54 . 2010-04-14 18:35 289792 ----a-w- c:\windows\system32\psisrndr.ax
    2011-01-07 15:54 . 2010-04-14 18:35 558592 ----a-w- c:\windows\system32\EncDec.dll
    2011-01-07 15:54 . 2010-04-14 17:46 428544 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-01-07 05:18 . 2011-01-07 05:18 -------- d-----w- C:\_OTM
    2011-01-07 03:59 . 2011-01-07 03:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-07 03:59 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-07 03:59 . 2011-01-07 03:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-07 03:59 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-07 03:28 . 2010-08-31 15:41 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2011-01-07 03:28 . 2010-08-31 15:41 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2011-01-07 03:28 . 2009-09-10 15:48 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2011-01-07 03:28 . 2009-09-10 15:48 372736 ----a-w- c:\windows\system32\unregmp2.exe
    2011-01-07 03:28 . 2009-09-10 15:21 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
    2011-01-07 03:28 . 2009-09-10 15:21 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
    2011-01-07 03:25 . 2009-08-10 14:09 1794560 ----a-w- c:\windows\system32\msxml6.dll
    2011-01-07 03:25 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\SysWow64\msxml6.dll
    2011-01-07 03:25 . 2009-06-04 12:59 2423296 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-07 03:25 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-01-07 03:25 . 2009-10-23 18:10 880640 ----a-w- c:\windows\system32\timedate.cpl
    2011-01-07 03:25 . 2009-10-23 17:42 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-01-07 03:25 . 2010-09-10 15:51 171008 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2011-01-07 03:25 . 2010-09-10 16:35 168960 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2011-01-07 03:25 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2011-01-07 03:25 . 2010-09-10 15:52 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2011-01-07 03:22 . 2010-06-11 16:08 1875456 ----a-w- c:\windows\system32\msxml3.dll
    2011-01-07 03:21 . 2009-07-14 13:21 368128 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-01-07 02:52 . 2011-01-07 02:52 -------- d-----w- c:\program files (x86)\ESET
    2011-01-07 02:06 . 2011-01-07 02:06 -------- d--h--w- c:\programdata\Common Files
    2011-01-07 02:05 . 2011-01-12 00:22 -------- d-----w- c:\programdata\AVG10
    2011-01-07 02:04 . 2011-01-07 02:04 -------- d-----w- c:\program files (x86)\AVG
    2011-01-07 01:39 . 2011-01-07 02:04 -------- d-----w- c:\programdata\MFAData
    2011-01-07 01:34 . 2010-01-15 00:04 98304 ----a-w- c:\windows\SysWow64\cabview.dll
    2011-01-07 01:34 . 2010-01-13 18:34 104960 ----a-w- c:\windows\system32\cabview.dll
    2011-01-07 01:34 . 2009-12-23 12:43 171520 ----a-w- c:\windows\SysWow64\wintrust.dll
    2011-01-07 01:34 . 2009-12-23 12:39 218112 ----a-w- c:\windows\system32\wintrust.dll
    2011-01-07 01:21 . 2009-08-07 02:24 43744 ----a-w- c:\windows\system32\wups2.dll
    2011-01-07 01:21 . 2009-08-07 02:24 57560 ----a-w- c:\windows\system32\wuauclt.exe
    2011-01-07 01:21 . 2009-08-07 02:24 2424024 ----a-w- c:\windows\system32\wuaueng.dll
    2011-01-07 01:21 . 2009-08-07 01:59 2621440 ----a-w- c:\windows\system32\wucltux.dll
    2011-01-07 01:20 . 2009-08-07 02:24 38112 ----a-w- c:\windows\system32\wups.dll
    2011-01-07 01:20 . 2009-08-07 02:24 35552 ----a-w- c:\windows\SysWow64\wups.dll
    2011-01-07 01:20 . 2009-08-07 02:23 700640 ----a-w- c:\windows\system32\wuapi.dll
    2011-01-07 01:20 . 2009-08-07 02:23 575704 ----a-w- c:\windows\SysWow64\wuapi.dll
    2011-01-07 01:20 . 2009-08-07 01:59 98816 ----a-w- c:\windows\system32\wudriver.dll
    2011-01-07 01:20 . 2009-08-07 01:44 87552 ----a-w- c:\windows\SysWow64\wudriver.dll
    2011-01-07 01:20 . 2009-08-06 19:23 185416 ----a-w- c:\windows\system32\wuwebv.dll
    2011-01-07 01:20 . 2009-08-06 19:23 171608 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2011-01-07 01:20 . 2009-08-06 18:59 36864 ----a-w- c:\windows\system32\wuapp.exe
    2011-01-07 01:20 . 2009-08-06 18:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2011-01-07 00:17 . 2008-09-26 04:31 804864 ----a-w- c:\windows\system32\drivers\netr28ux.sys
    2011-01-07 00:17 . 2008-09-26 04:26 305664 ----a-w- c:\windows\system32\RaCoInstx.dll
    2011-01-07 00:07 . 2011-01-07 00:08 -------- d-----w- c:\program files (x86)\Microsoft Works
    2011-01-07 00:06 . 2011-01-10 00:17 -------- d-----w- c:\users\Seano

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-07 02:00 . 2009-06-11 15:53 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2011-01-09_04.19.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 03:20 . 2011-01-11 14:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2011-01-08 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-11 14:24 . 2011-01-11 14:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2011-01-11 14:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2011-01-08 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2011-01-12 05:27 34914 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-01-12 05:27 58292 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2011-01-07 00:02 . 2011-01-11 14:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-07 00:02 . 2011-01-09 03:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-07 00:02 . 2011-01-09 03:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-07 00:02 . 2011-01-11 14:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-07 00:02 . 2011-01-09 03:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-07 00:02 . 2011-01-11 14:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-07 19:54 . 2011-01-08 17:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-07 19:54 . 2011-01-10 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-07 19:54 . 2011-01-08 17:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-07 19:54 . 2011-01-10 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 12:40 . 2011-01-08 04:11 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 12:40 . 2011-01-10 00:17 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 12:40 . 2011-01-10 00:17 51200 c:\windows\inf\infpub.dat
    - 2006-11-02 12:40 . 2011-01-08 04:11 51200 c:\windows\inf\infpub.dat
    + 2011-01-07 00:07 . 2011-01-12 05:27 5518 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139329902-3773949464-2642598458-1000_UserData.bin
    - 2011-01-09 04:11 . 2011-01-09 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-01-12 05:24 . 2011-01-12 05:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-01-09 04:11 . 2011-01-09 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-01-12 05:24 . 2011-01-12 05:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-01-07 06:44 . 2011-01-10 20:31 192876 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2006-11-02 12:46 . 2011-01-09 04:17 599942 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-01-12 05:29 599942 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-01-12 05:29 105448 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2011-01-09 04:17 105448 c:\windows\system32\perfc009.dat
    - 2009-06-11 16:02 . 2011-01-09 04:10 564704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-06-11 16:02 . 2011-01-12 00:31 564704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2006-11-02 12:40 . 2011-01-10 00:17 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 12:40 . 2011-01-08 04:11 143360 c:\windows\inf\infstrng.dat
    + 2011-01-10 00:17 . 2011-01-10 00:17 4779008 c:\windows\Installer\a5c329.msi
    + 2011-01-10 00:15 . 2011-01-10 00:15 1940480 c:\windows\Installer\a5c325.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
    "Google Update"="c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-07 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-01-27 61440]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
    R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/11 16:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-03-19 09:54 146928]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2008-09-26 804864]


    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139329902-3773949464-2642598458-1000Core.job
    - c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 02:39]

    2011-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139329902-3773949464-2642598458-1000UA.job
    - c:\users\Seano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 02:39]

    2011-01-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
    "SmartMenu"="%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=93&bd=Pavilion&pf=cndt
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=93&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-IE\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    @SACL=
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @SACL=
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @SACL=
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-01-12 05:38:21
    ComboFix-quarantined-files.txt 2011-01-12 05:38
    ComboFix2.txt 2011-01-09 05:50
    ComboFix3.txt 2011-01-09 04:22
    ComboFix4.txt 2011-01-07 05:35
    ComboFix5.txt 2011-01-12 05:31

    Pre-Run: 443,192,426,496 bytes free
    Post-Run: 443,164,323,840 bytes free

    - - End Of File - - A2A01C60A05B5ED4AD503945B37D6448
  4. Bobbye Helper on the Fringe

    Please take a look at the Registry keys in the Combofix log and tell me why they are all using SACL
    Example:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=


    Access Control: http://msdn.microsoft.com/en-us/library/aa374860(v=VS.85).aspx

    What SACL is: http://msdn.microsoft.com/en-us/library/aa379321(v=vs.85).aspx
    ===========================================
    About File Sharing: no one needs to try and infect your system. When you share files, you share whatever comes with them:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
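    An added check, not part of Bobbye's post and not ComboFix's own method: the two MSDN links above explain what a DACL and a SACL are, and this script shows both for one of the registry keys in the log, so the "@Denied" and "@SACL=" lines can be compared against what Windows actually reports. It is read-only. The default key path is taken from the log; reading a SACL needs SeSecurityPrivilege, so it has to run from an elevated PowerShell on the affected machine, and the mapping of "@Denied" to the DACL and "@SACL=" to an empty audit list is my reading of the log format, not something the thread states.

```powershell
# Added check, not from the thread or from ComboFix: show the DACL and the SACL of a
# registry key that ComboFix listed under "LOCKED REGISTRY KEYS". Read-only.
# Reading a SACL needs SeSecurityPrivilege, so run from an elevated PowerShell.
# The default path is one of the keys in the log above; pass -KeyPath to check another.
param(
    [string]$KeyPath = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}'
)

function Get-RegistryKeyAcls {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Key not found: $Path"
    }
    try {
        # -Audit makes Get-Acl fetch the SACL as well; without it only the DACL is returned.
        $acl = Get-Acl -LiteralPath $Path -Audit
    } catch {
        # Typical failure: not elevated, or a Deny entry that also covers the current account.
        throw "Could not read security descriptor of ${Path}: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Path  = $Path
        Owner = $acl.Owner
        # DACL entries. Look here for Deny entries granted to Everyone; my reading is that
        # the "@Denied: ... (Everyone)" lines in the ComboFix log summarise this list.
        Access = @($acl.Access | Select-Object IdentityReference, AccessControlType, RegistryRights, IsInherited)
        # SACL entries (auditing). An empty list is what I take the log's "@SACL=" to mean.
        Audit  = @($acl.Audit | Select-Object IdentityReference, AuditFlags, RegistryRights, IsInherited)
        # The whole descriptor in SDDL form, useful for pasting into a reply or a diff.
        Sddl   = $acl.Sddl
    }
}

$result = Get-RegistryKeyAcls -Path $KeyPath
"Key:   $($result.Path)"
"Owner: $($result.Owner)"
"--- DACL ---"
$result.Access | Format-Table -AutoSize | Out-Host
"--- SACL (audit entries) ---"
if ($result.Audit.Count -gt 0) { $result.Audit | Format-Table -AutoSize | Out-Host } else { "(none)" }
"SDDL:  $($result.Sddl)"
```

    The SACL only lists which accesses are audited; it does not grant or deny anything, so an empty audit list on its own is not a sign of tampering. What matters for the "locked" keys is the DACL section of the output, and whether a Deny entry there is the normal one an installer set up (the Flash keys in this log are a known example of a product that locks its own class registrations) or something unexpected.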
  5. bobbygeorge Newcomer, in training

    thanks for your reply.

    I am not using, or have not downloaded a P2P program. I heeded your warning about this from earlier.

    The answer to your question is, I simply do not know. I am kind of tired right now as I have been awake for quite a while so, sorry, but what I have read in the links is like double Dutch to me right now.

    Files, as in links to photos and music(on youtube) have been shared with me on facebook. They are the only files I have opened.

    So, have I got a serious problem again?

    And do you think those links on facebook could be the source?

    I'm getting kind of sick of the intrusion into my personal space, so want to get to the bottom of this once and for all.

    The above line is me just blowing off steam.

    Thanks Bobbye again for your time and awesome support :)
  6. Bobbye Helper on the Fringe

    As cruel as this may sound, you lose your right to 'personal space' once you share files. There are ways to 'share' pictures, articles, etc. without using file sharing. That may sound like a contradiction to you, but it isn't. Photos can be emailed and so can articles. The difference is that you can 'save' from there before opening and scan with your antivirus and other security program before you open it!

    Give me a few hours to check out some of these keys to see if I can safely remove them.
  7. bobbygeorge Newcomer, in training

    Sound job.

    As the SACL issue is present on the first scan also, I am all out of ideas as to how this problem may have happened.

    Thanks!
  8. bobbygeorge Newcomer, in training

    As I don't want this thread to become inactive.....

    .....here's just a reminder for ya.

    Cheers.
  9. Bobbye Helper on the Fringe

    I have been having mega internet connection problems! Went down at 9 last night-again- took 5 attempts at 9 this AM to connect. Making me crazy and getting behind!

    The SACL entries are okay. I'm setting up some script for removals in Combofix- if my internet stays up, I'll be back shortly.
  10. Bobbye Helper on the Fringe

    It's getting confusing to go through all the logs posted for different problems! For instance, AVG is running in Combofix- supposedly the program will not run with AVG. And I see Norton entries as well as a-squared. You've been asked not to run any other scanning programs or make Registry changes.

    Please decide which AV you want to keep and remove the others.

    Note: the following script has entries to remove Conduit-related entries. They are not malware. But since your main concern is your loss of privacy on Social Networking interaction, this will help eliminate a vulnerability. There were also multiple entries for the uTorrent toolbar, which I set for removal. Make sure you copy everything in the code box as it is lengthy.
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    c:\program files (x86)\a-squared Free\a2service.exe
    Extra::
    Firefox::
    Firefox-: - Profile - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\omm3n6o8.default\
    Firefox-: - prefs.js - SEARCH.DEFAULTURL
    Firefox-: - prefs.js - STARTUP.HOMEPAGE 
    Firefox-: - prefs.js - KEYWORD.URL
    
    DDS::
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    RegNull::
    [HKEY_USERS\S-1-5-21-2692080489-224753940-1066125639-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4BF5041B-071B-2CB2-14D0-D9F88302CA33}*]
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Regarding the Conduit Engine and DVDVideoSoftTB Toolbar: These are browser plugins bundled with various Conduit "Community Toolbars". Conduit toolbars are reputed to have a certain trackware functionality. Another one is DVDVideoSoftTB Toolbar.

    If they show in Add/Remove Programs also, they should be uninstalled there. Then, using Windows Explorer (Windows key + E), you should follow this path to remove the program folders: Windows Explorer> My Computer> Double click on Local Drive (C)> Programs> Right click on the appropriate program folder> Delete.
    =======================
    I'd like you to repeat an Eset scan. And follow that with:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    There are installs for Java v6u16. These are out of date. Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
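    An added example, not part of Bobbye's instructions and not code from DDS, ComboFix or HijackThis: the "BHO:" and "TB:" lines in the CFScript above come from the Browser Helper Object and Toolbar registration keys, and this script reads those keys itself and prints the entries in the same shape (name, CLSID, module path, or "No File" when the DLL is gone) so each one can be looked at before anything is removed. It is read-only and has to run in an elevated PowerShell on the machine being checked. The registry paths are the standard IE add-in and COM class locations; that the "-X64" suffix marks the native 64-bit view, as opposed to the Wow6432Node entries, is my reading of the DDS lines above.

```powershell
# Added example, not part of Bobbye's instructions or of DDS/ComboFix: list the
# Internet Explorer Browser Helper Objects and toolbars registered on this machine
# in the shape of the "BHO:" / "TB:" lines of the CFScript above, so each entry can
# be reviewed (name, CLSID, module, whether the module still exists) before deciding
# what to remove. Read-only; run in an elevated PowerShell on the machine.
# Registry locations are the standard IE add-in and COM class keys.

function Resolve-Clsid {
    # Return the display name and in-process module for a CLSID, looking in the
    # 32-bit (Wow6432Node) or the native CLSID hive first depending on -Wow64, then the other.
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [switch]$Wow64
    )
    $roots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
    if ($Wow64) { [array]::Reverse($roots) }

    foreach ($root in $roots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $name   = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        $module = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
        if ($module) {
            # Module paths may be stored unexpanded (compare the "%ProgramFiles%" Run value in the log).
            $module = [Environment]::ExpandEnvironmentVariables($module.Trim('"'))
        }
        return [pscustomobject]@{
            Name       = if ($name) { $name } else { '(unnamed)' }
            Module     = $module
            FileExists = [bool]($module -and (Test-Path -LiteralPath $module))
        }
    }
    # The loader key names a CLSID that is registered nowhere: an orphan entry.
    [pscustomobject]@{ Name = '(not registered)'; Module = $null; FileExists = $false }
}

function Get-IeAddIns {
    $sources = @(
        @{ Kind = 'BHO'; Wow64 = $false; Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
        @{ Kind = 'BHO'; Wow64 = $true;  Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
        @{ Kind = 'TB';  Wow64 = $false; Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar' }
        @{ Kind = 'TB';  Wow64 = $true;  Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar' }
    )
    $clsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

    foreach ($src in $sources) {
        if (-not (Test-Path -LiteralPath $src.Key)) { continue }

        # BHOs are registered as subkeys named by CLSID; toolbars as values named by CLSID.
        $clsids = if ($src.Kind -eq 'BHO') {
            (Get-ChildItem -LiteralPath $src.Key).PSChildName
        } else {
            (Get-ItemProperty -LiteralPath $src.Key).PSObject.Properties.Name
        }

        foreach ($clsid in $clsids) {
            if ($clsid -notmatch $clsidPattern) { continue }   # skips PSPath etc. on the toolbar key
            $info = Resolve-Clsid -Clsid $clsid -Wow64:$src.Wow64
            [pscustomobject]@{
                Kind       = $src.Kind
                Wow64      = $src.Wow64
                Clsid      = $clsid
                Name       = $info.Name
                Module     = $info.Module
                FileExists = $info.FileExists
            }
        }
    }
}

# Render like the DDS lines: native (64-bit) entries carry the -X64 suffix (my reading
# of the script above), and an entry whose module is missing shows "No File".
Get-IeAddIns | ForEach-Object {
    $kind   = if ($_.Wow64) { $_.Kind } else { $_.Kind + '-X64' }
    $target = if ($_.FileExists) { $_.Module } else { 'No File' }
    '{0}: {1}: {2} - {3}' -f $kind, $_.Name, $_.Clsid, $target
}
```

    Entries that print "No File" or "(not registered)" are leftovers from an uninstall and load nothing, which is why the script above only clears their registry values; entries whose module does exist are the ones worth checking against Add/Remove Programs and the vendor name before a removal line is written for them.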