Solved My adobie flash keeps acting up

Status
Not open for further replies.
Problemsrbad

Problemsrbad

Posts: 117   +0
On my win 7 laptop machine the Adobie flash keeps messing up. I uninstall and reinstall it works fine until i reboot the machine it says flash not installed. Please help me fix this issue. Also the Gmer log was empty.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6872

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/16/2011 2:48:33 PM
mbam-log-2011-06-16 (14-48-33).txt

Scan type: Quick scan
Objects scanned: 178184
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft (Trojan.Agent.MSGen) -> Value: Microsoft -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft (Trojan.Agent.MSGen) -> Value: Microsoft -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Dan-LT\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Dan-LT at 15:03:34 on 2011-06-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2776 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE
mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\system32\VilonguLSP.dll
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\24F4242495D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 24.247.24.53 66.189.0.100
TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\E4F62716020264F68772370296D41636 : DhcpNameServer = 10.0.2.1
TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0} : NameServer = 10.54.56.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {D47KAE77-WB23-333V-HH41-NO7F2MI7K5R1} - C:\Users\Dan-LT\AppData\Roaming\System32\cmd.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun-x64: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE
mRun-x64: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.socks - 24.1.228.237
FF - prefs.js: network.proxy.socks_port - 1191
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Dan-LT\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dan-LT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Dan-LT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-4-27 353168]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-31 366640]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-1-27 844320]
S4 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S4 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-9-24 91392]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
.
=============== Created Last 30 ================
.
2011-06-16 00:36:36 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 00:36:27 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 00:36:27 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 00:36:20 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 00:36:19 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 00:36:19 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 00:36:09 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-06-16 00:35:37 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 00:35:37 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 00:35:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 00:35:33 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 00:35:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 00:35:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 00:35:20 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 02:35:15 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\go
2011-06-15 02:35:09 -------- d-----w- C:\ProgramData\Easybits GO
2011-06-15 02:32:45 -------- d-----w- C:\ProgramData\Skype Extras
2011-06-14 08:14:10 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62C830D4-B8FE-4192-BD02-7724FA06A12B}\mpengine.dll
2011-06-13 01:01:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 04:41:01 -------- d-----w- C:\Users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
2011-06-06 20:21:00 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\picpick
2011-06-04 07:20:23 -------- d-----w- C:\Users\Dan-LT\AppData\Local\_
2011-05-29 20:00:03 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\SynthMaker
2011-05-29 19:57:10 -------- d-----w- C:\ProgramData\Acoustica
2011-05-29 19:57:10 -------- d-----w- C:\Program Files (x86)\VST
2011-05-29 19:57:10 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
2011-05-29 19:54:05 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\Acoustica
2011-05-29 19:54:04 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
2011-05-29 19:53:42 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2011-05-24 21:42:22 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 17:52:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 17:52:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-04 13:42:58 89088 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-13 19:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-04-13 19:04:38 23960 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2011-04-12 01:19:14 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2011-04-12 01:19:14 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 03:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll
2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 15:04:22.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/2/2010 1:12:27 PM
System Uptime: 6/16/2011 2:49:40 PM (1 hours ago)
.
Motherboard: Gateway | | SJV50TR
Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 50.884 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&51FBC45&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&51FBC45&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP313: 5/24/2011 5:42:10 PM - Windows Update
RP314: 5/25/2011 2:15:34 AM - Windows Update
RP315: 5/27/2011 5:02:09 AM - Windows Update
RP316: 5/31/2011 6:59:07 AM - Windows Update
RP317: 6/3/2011 4:57:55 PM - Windows Update
RP318: 6/5/2011 1:08:53 PM - Removed IObit Toolbar v4.4.
RP319: 6/7/2011 10:30:08 PM - Windows Update
RP320: 6/10/2011 7:21:46 AM - Windows Update
RP321: 6/12/2011 1:36:16 PM - Installed Java(TM) 6 Update 26
RP322: 6/12/2011 8:54:47 PM - Installed Adobe Reader X.
RP323: 6/14/2011 4:13:41 AM - Windows Update
RP324: 6/16/2011 3:00:22 AM - Windows Update
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
ActivePerl 5.10.1 Build 1006
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Advanced SystemCare 4
AI RoboForm 7-0-72 (All Users)
AIM 7
AMD USB Filter Driver
ASCOM Platform 5.0b
Atheros Driver Installation Program
Backup Manager Basic
Cake Poker
Call of Duty: Black Ops - Multiplayer
Camfrog Video Chat 6.0
CamfrogWEB Advanced ActiveX Plugin (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ClubWPT
D3DX10
Dark Age of Camelot
Darkfall US
Directory Submitter 1.0.29
DivX Setup
EasyBits GO
Epson Easy Photo Print 2
ESET Online Scanner v3
Eyeball Chat
FLVTube Player
Foxit Reader
Full Tilt Poker
Game Booster
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Updater
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotspot Shield 1.57
iCall
iDEN Carrier RSS
Identity Card
ImgBurn
IMVU Avatar Chat Software
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Kermit
Launch Manager
Logitech QuickCam
Logitech Vid HD
Malwarebytes' Anti-Malware version 1.51.0.1200
ManyCam 2.4 (remove only)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WorldWide Telescope
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Driver Installation
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OUGO Messenger
Panda Cloud Antivirus
PDF Settings CS5
PicPick
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype™ 5.3
SpywareBlaster 4.4
Steam
Tor 0.2.1.30
Tube Toolbox
TVAnts 1.0
Universal Document Converter (Demo)
Unlocker 1.9.0
VC80CRTRedist - 8.0.50727.4053
Veo Advanced Connect
Vidalia 0.2.10
Video Web Camera
Vilongu HTTP SOCKS tunneler 1.0.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid 1.2.1 final uninstall
Y!Supra version 1.0.0.63
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/16/2011 3:02:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/16/2011 2:50:11 PM, Error: Service Control Manager [7000] - The X4HSX32 service failed to start due to the following error: The system cannot find the path specified.
6/16/2011 2:50:06 PM, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the file specified.
6/16/2011 2:49:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
6/16/2011 2:49:58 PM, Error: atikmdag [43029] - Display is not active
6/16/2011 2:49:55 PM, Error: volmgr [46] - Crash dump initialization failed!
6/16/2011 12:24:51 AM, Error: amdsata [11] - The driver detected a controller error on \Device\RaidPort0.
6/15/2011 11:59:24 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2011 6:36:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
.
==== End Of File ===========================
 
Welcome to the Virus and Malware Forum. I'll be glad to help see if any malware is involved in the problem.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Reminder to be patient
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
I'd like to mention that many users who have the Hotspot Shield Monitoring Service installed, frequently experience problems. Whether this is related to your problem remains to be seen. =====================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
Please run this Security Check:
Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please paste the 3 logs into your next reply.
 
C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-2ce530d6 Java/Agent.BV trojan
C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2f31845f-17549821 Java/Agent.BV trojan
C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-58a319be probably a variant of Java/Agent.BR trojan
C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b4d836b-7e540643 Java/Agent.BV trojan



ComboFix 11-06-16.01 - Dan-LT 06/17/2011 11:50:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2688 [GMT -4:00]
Running from: c:\users\Dan-LT\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan-LT\AppData\Roaming\Dan-LTlog.dat
c:\users\Dan-LT\AppData\Roaming\gMozilla
c:\users\Dan-LT\AppData\Roaming\gMozilla\gFirefox\profiles.ini
c:\users\Dan-LT\AppData\Roaming\system32
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 15:57 . 2011-06-17 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 10:55 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74EF9A2F-D69C-463A-B4F3-370C41D7DAAA}\mpengine.dll
2011-06-16 00:36 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 00:36 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 00:36 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 00:36 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 00:36 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 00:36 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 00:36 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 00:35 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 00:35 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 00:35 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 00:35 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 00:35 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 00:35 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 00:35 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 02:32 . 2011-06-16 20:41 -------- d-----w- c:\programdata\Skype Extras
2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-13 01:01 . 2011-06-13 19:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-12 17:38 . 2011-06-12 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-07 04:41 . 2011-06-07 04:41 -------- d-----w- c:\users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
2011-06-06 20:21 . 2011-06-06 20:21 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\picpick
2011-06-04 07:20 . 2011-06-04 07:20 -------- d-----w- c:\users\Dan-LT\AppData\Local\_
2011-05-29 20:00 . 2011-05-29 20:00 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\SynthMaker
2011-05-29 19:57 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\programdata\Acoustica
2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\program files (x86)\VST
2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\Acoustica
2011-05-29 19:54 . 2009-12-14 19:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
2011-05-29 19:53 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2011-05-24 21:42 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 17:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 17:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-04-20 01:05 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-04-19 18:13 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-04 13:43 . 2011-05-04 13:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-04 13:43 . 2011-05-04 13:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-04 13:43 . 2011-05-04 13:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-04 13:43 . 2011-05-04 13:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-04 13:43 . 2011-05-04 13:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-04 13:43 . 2011-05-04 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-04 13:43 . 2011-05-04 13:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-04 13:43 . 2011-05-04 13:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-04 13:43 . 2011-05-04 13:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-04 13:43 . 2011-05-04 13:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-04 13:43 . 2011-05-04 13:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-04 13:43 . 2011-05-04 13:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-04 13:43 . 2011-05-04 13:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-04 13:43 . 2011-05-04 13:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-04 13:43 . 2011-05-04 13:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-04 13:43 . 2011-05-04 13:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-04 13:43 . 2011-05-04 13:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-04 13:42 . 2011-05-04 13:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-04 13:42 . 2011-05-04 13:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-04 13:42 . 2011-05-04 13:42 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-04 13:42 . 2011-05-04 13:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-04 13:42 . 2011-05-04 13:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-04 13:42 . 2011-05-04 13:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-04 13:42 . 2011-05-04 13:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-04 13:42 . 2011-05-04 13:42 448512 ----a-w- c:\windows\system32\html.iec
2011-05-04 13:42 . 2011-05-04 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-04 13:42 . 2011-05-04 13:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-04 13:42 . 2011-05-04 13:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-04 13:42 . 2011-05-04 13:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 13:42 . 2011-05-04 13:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-04 13:42 . 2011-05-04 13:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-04 13:42 . 2011-05-04 13:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-04 13:42 . 2011-05-04 13:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-04 13:42 . 2011-05-04 13:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-04 13:42 . 2011-05-04 13:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-04 13:42 . 2011-05-04 13:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-04 08:52 . 2010-04-20 05:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
2011-04-13 19:04 . 2011-04-13 19:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-12 01:19 . 2011-04-12 01:19 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2011-04-12 01:19 . 2011-04-12 01:19 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2011-04-09 06:45 . 2011-05-11 16:13 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 16:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 16:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
2011-03-25 03:23 . 2011-05-11 16:13 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 16:13 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:23 . 2011-05-11 16:13 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:22 . 2011-05-11 16:13 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 16:13 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 16:13 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 16:13 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 597736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 ALSysIO;ALSysIO;c:\users\Dan-LT\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 X6va001;X6va001;c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
R4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001Core.job
- c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001UA.job
- c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\VilonguLSP.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0}: NameServer = 10.54.56.1
FF - ProfilePath - c:\users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.socks - 24.1.228.237
FF - prefs.js: network.proxy.socks_port - 1191
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-17 12:01:34
ComboFix-quarantined-files.txt 2011-06-17 16:01
.
Pre-Run: 56,339,492,864 bytes free
Post-Run: 57,408,536,576 bytes free
.
- - End Of File - - F4A5CE628BFC6A92F863A426445C19F3


Results of screen317's Security Check version 0.99.13
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Panda Cloud Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Adobe Flash Player 10.3.181.22
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
``````````End of Log````````````
 
The Eset log shows the entres in the Java cache:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
==================================================
Open VirusTotal
  • Open Windows Explorer: Windows key + E> Go to Tools> Folder Options> View tab> Cleck 'show hidden files and folders.'> Apply> OK
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V to paste each of the following, one at a time into the window
    1. explorer.exe (Path is C:Windows)
    2. userinit.exe (Path is C:Windows System32
    3. svchost.exe (Path is C:\Window\System32[/b]
  • Click on the Upload button.
  • IF file shows 'already analyzed' press Reanalyze now button

When scans have all been done, please go back and check 'do not show hidden files and folders'> Apply> OK.

Please post the scan results in your next reply.
 
explorer.exe
explorer.exe
Submission date:
2011-06-17 20:57:41 (UTC)
Current status:
finished
Result:
0/ 39 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.06.18.00 2011.06.17 -
AntiVir 7.11.10.12 2011.06.17 -
Antiy-AVL 2.0.3.7 2011.06.17 -
Avast5 5.0.677.0 2011.06.17 -
AVG 10.0.0.1190 2011.06.17 -
BitDefender 7.2 2011.06.17 -
CAT-QuickHeal 11.00 2011.06.17 -
ClamAV 0.97.0.0 2011.06.17 -
Commtouch 5.3.2.6 2011.06.17 -
Comodo 9103 2011.06.17 -
eSafe 7.0.17.0 2011.06.15 -
eTrust-Vet 36.1.8393 2011.06.17 -
F-Prot 4.6.2.117 2011.06.17 -
F-Secure 9.0.16440.0 2011.06.17 -
Fortinet 4.2.257.0 2011.06.17 -
GData 22 2011.06.17 -
Ikarus T3.1.1.104.0 2011.06.17 -
Jiangmin 13.0.900 2011.06.17 -
K7AntiVirus 9.106.4822 2011.06.17 -
Kaspersky 9.0.0.837 2011.06.17 -
McAfee 5.400.0.1158 2011.06.17 -
McAfee-GW-Edition 2010.1D 2011.06.17 -
Microsoft 1.6903 2011.06.13 -
NOD32 6218 2011.06.17 -
Norman 6.07.10 2011.06.17 -
nProtect 2011-06-17.01 2011.06.17 -
Panda 10.0.3.5 2011.06.17 -
PCTools 7.0.3.5 2011.06.17 -
Prevx 3.0 2011.06.17 -
Rising 23.62.03.03 2011.06.17 -
Sophos 4.66.0 2011.06.17 -
SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
Symantec 20111.1.0.186 2011.06.17 -
TheHacker 6.7.0.1.230 2011.06.14 -
TrendMicro 9.200.0.1012 2011.06.17 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
VIPRE 9611 2011.06.17 -
ViRobot 2011.6.17.4519 2011.06.17 -
VirusBuster 14.0.84.1 2011.06.17 -
Additional information
MD5 : 0862495e0c825893db75ef44faea8e93
SHA1 : e4b9a40fa341bcb82f20c9c3cefad84825e0d194
SHA256: d190b84f29a6f22acfc313373301a848a927882cf728ca6d72eed4073dfc2b75

userinit.exe
File name:
userinit.exe
Submission date:
2011-06-17 21:00:42 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

VT Community

malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.06.18.00 2011.06.17 -
AntiVir 7.11.10.12 2011.06.17 -
Antiy-AVL 2.0.3.7 2011.06.17 -
Avast 4.8.1351.0 2011.06.17 -
Avast5 5.0.677.0 2011.06.17 -
AVG 10.0.0.1190 2011.06.17 -
BitDefender 7.2 2011.06.17 -
CAT-QuickHeal 11.00 2011.06.17 -
ClamAV 0.97.0.0 2011.06.17 -
Commtouch 5.3.2.6 2011.06.17 -
Comodo 9103 2011.06.17 -
DrWeb 5.0.2.03300 2011.06.17 -
Emsisoft 5.1.0.8 2011.06.17 -
eSafe 7.0.17.0 2011.06.15 -
eTrust-Vet 36.1.8393 2011.06.17 -
F-Prot 4.6.2.117 2011.06.17 -
Fortinet 4.2.257.0 2011.06.17 -
GData 22 2011.06.17 -
Ikarus T3.1.1.104.0 2011.06.17 -
Jiangmin 13.0.900 2011.06.17 -
K7AntiVirus 9.106.4822 2011.06.17 -
Kaspersky 9.0.0.837 2011.06.17 -
McAfee 5.400.0.1158 2011.06.17 -
McAfee-GW-Edition 2010.1D 2011.06.17 -
Microsoft 1.6903 2011.06.13 -
NOD32 6218 2011.06.17 -
Norman 6.07.10 2011.06.17 -
nProtect 2011-06-17.01 2011.06.17 -
Panda 10.0.3.5 2011.06.17 -
PCTools 7.0.3.5 2011.06.17 -
Prevx 3.0 2011.06.17 -
Rising 23.62.03.03 2011.06.17 -
Sophos 4.66.0 2011.06.17 -
SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
Symantec 20111.1.0.186 2011.06.17 -
TheHacker 6.7.0.1.230 2011.06.14 -
TrendMicro 9.200.0.1012 2011.06.17 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
VBA32 3.12.16.2 2011.06.17 -
VIPRE 9611 2011.06.17 -
ViRobot 2011.6.17.4519 2011.06.17 -
VirusBuster 14.0.84.1 2011.06.17 -
Additional information
MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a

svchost.exe
File name:
svchost.exe
Submission date:
2011-06-17 21:10:35 (UTC)
Current status:
finished
Result:
1/ 42 (2.4%)

VT Community

goodware
Safety score: 74.3%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.06.18.00 2011.06.17 -
AntiVir 7.11.10.12 2011.06.17 -
Antiy-AVL 2.0.3.7 2011.06.17 -
Avast 4.8.1351.0 2011.06.17 -
Avast5 5.0.677.0 2011.06.17 -
AVG 10.0.0.1190 2011.06.17 -
BitDefender 7.2 2011.06.17 -
CAT-QuickHeal 11.00 2011.06.17 -
ClamAV 0.97.0.0 2011.06.17 -
Commtouch 5.3.2.6 2011.06.17 -
Comodo 9103 2011.06.17 -
DrWeb 5.0.2.03300 2011.06.17 -
eSafe 7.0.17.0 2011.06.15 Win32.TrojanHorse
eTrust-Vet 36.1.8393 2011.06.17 -
F-Prot 4.6.2.117 2011.06.17 -
F-Secure 9.0.16440.0 2011.06.17 -
Fortinet 4.2.257.0 2011.06.17 -
GData 22 2011.06.17 -
Ikarus T3.1.1.104.0 2011.06.17 -
Jiangmin 13.0.900 2011.06.17 -
K7AntiVirus 9.106.4822 2011.06.17 -
Kaspersky 9.0.0.837 2011.06.17 -
McAfee 5.400.0.1158 2011.06.17 -
McAfee-GW-Edition 2010.1D 2011.06.17 -
Microsoft 1.6903 2011.06.13 -
NOD32 6218 2011.06.17 -
Norman 6.07.10 2011.06.17 -
nProtect 2011-06-17.01 2011.06.17 -
Panda 10.0.3.5 2011.06.17 -
PCTools 7.0.3.5 2011.06.17 -
Prevx 3.0 2011.06.17 -
Rising 23.62.03.03 2011.06.17 -
Sophos 4.66.0 2011.06.17 -
SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
Symantec 20111.1.0.186 2011.06.17 -
TheHacker 6.7.0.1.230 2011.06.14 -
TrendMicro 9.200.0.1012 2011.06.17 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
VBA32 3.12.16.2 2011.06.17 -
VIPRE 9611 2011.06.17 -
ViRobot 2011.6.17.4519 2011.06.17 -
VirusBuster 14.0.84.1 2011.06.17 -
Additional information
MD5 : 54a47f6b5e09a77e61649109c6a08866
SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
SHA256: 121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2


esafe?
 
Uninstall the Adobe Flash player that is on the system now. Look for an uninstaller first in the program. If there is none, uninstall it in Programs.

The most current is v10.3.181.26. Go here to download: http://get.adobe.com/flashplayer/
When you do the download, save it to the desktop. Then double click on that setup file on the desktop to install the program.

If that doesn't handled it, please give me an accurate description of "Adobie flash keeps messing up".
It almost sounds like you're not running the setup.
 
Ok, I just did that now, did that before about 4 times, still the same thing. When I go to Facebook on Internet Explorer try to play a game it says I need to install Adobie Flash. It works fine with FireFox because its using FoxIt. What is that eSafe showing a trojan on the svchost.exe file?

I just reinstalled Adobie Flash again using I.E., now it works fine. But what is that eSafe showing a trojan with the svchost.exe file?
 
I don't know what that entry is doing loose at the bottom of the scan. Why is it down there with a ? mark.
For information on esafe, please see this: http://www.safenet-inc.com/aladdin-content/esafe/default/
==============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
KillAll::
File::
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp
Folder::
c:\users\Default\AppData\Local\temp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=-
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"=-
Driver::
AdvancedSystemCareService
X6va001
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
============================================
I don't see [b[Foxy Proxy[/b] on Firefox, but I notice these entries:
FF - prefs.js: network.proxy.socks - 24.1.228.237
FF - prefs.js: network.proxy.socks_port - 1191

Do you know the source of these entries? Did you set them?

Are there any system problems remaining?
 
Can you please explain to me what is wrong with IOBit's Advanced System Care please? I have buy the Pro, uninstalling it would be wasting my money. They have numerous awards http://www.iobit.com/awards.html

As far as the eSafe at the end, I added that. I wanted to know what that was about?

No, I did not enter these:
FF - prefs.js: network.proxy.socks - 24.1.228.237
FF - prefs.js: network.proxy.socks_port - 1191

The system seems ok apart from this proxy setting and the eSafe trojan in the svchost.exe file?
 
ComboFix 11-06-21.03 - Dan-LT 06/21/2011 14:13:19.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2595 [GMT -4:00]
Running from: c:\users\Dan-LT\Desktop\ComboFix.exe
Command switches used :: c:\users\Dan-LT\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe"
"c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
c:\users\Default\AppData\Local\temp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA001
-------\Service_AdvancedSystemCareService
-------\Service_X6va001
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-21 13:43 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE7A804A-E5B1-4991-A66F-22BD4125CEEA}\mpengine.dll
2011-06-21 02:05 . 2011-06-21 02:05 -------- d-----w- c:\windows\system32\SPReview
2011-06-21 02:03 . 2011-06-21 02:03 -------- d-----w- c:\windows\system32\EventProviders
2011-06-20 22:19 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-20 22:19 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-20 22:19 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-20 22:19 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-06-20 22:19 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-06-20 22:19 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2011-06-20 22:19 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-06-20 22:19 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-20 22:19 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-06-20 22:17 . 2010-11-20 13:27 266240 ----a-w- c:\windows\system32\QAGENT.DLL
2011-06-20 22:16 . 2010-11-20 13:44 1077248 ----a-w- c:\windows\system32\Narrator.exe
2011-06-20 22:15 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2011-06-20 22:14 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-06-20 22:14 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-06-20 22:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-20 22:13 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-20 22:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-20 22:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-20 22:07 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-20 22:07 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-20 22:07 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-20 22:07 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-20 22:06 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-20 22:05 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-20 22:05 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-20 14:45 . 2011-06-21 03:11 -------- d-----w- c:\programdata\NOS
2011-06-20 14:45 . 2011-06-20 14:45 -------- d-----w- c:\program files (x86)\NOS
2011-06-16 00:36 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 00:36 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 00:36 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-16 00:36 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 00:36 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 00:36 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 00:36 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 00:35 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 00:35 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 00:35 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 00:35 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 00:35 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 00:35 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 00:35 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 02:32 . 2011-06-16 20:41 -------- d-----w- c:\programdata\Skype Extras
2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-13 01:01 . 2011-06-20 14:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-12 17:38 . 2011-06-12 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-07 04:41 . 2011-06-07 04:41 -------- d-----w- c:\users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
2011-06-06 20:21 . 2011-06-06 20:21 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\picpick
2011-06-04 07:20 . 2011-06-04 07:20 -------- d-----w- c:\users\Dan-LT\AppData\Local\_
2011-05-29 20:00 . 2011-05-29 20:00 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\SynthMaker
2011-05-29 19:57 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\programdata\Acoustica
2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\program files (x86)\VST
2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\Acoustica
2011-05-29 19:54 . 2009-12-14 19:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
2011-05-29 19:53 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2011-05-24 21:42 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 17:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 17:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 02:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-21 02:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 13:11 . 2010-04-20 01:05 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-04-19 18:13 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2010-03-02 18:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-04 13:43 . 2011-05-04 13:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-04 13:43 . 2011-05-04 13:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-04 13:43 . 2011-05-04 13:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-04 13:43 . 2011-05-04 13:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-04 13:43 . 2011-05-04 13:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-04 13:43 . 2011-05-04 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-04 13:43 . 2011-05-04 13:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-04 13:43 . 2011-05-04 13:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-04 13:43 . 2011-05-04 13:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-04 13:43 . 2011-05-04 13:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-04 13:43 . 2011-05-04 13:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-04 13:43 . 2011-05-04 13:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-04 13:43 . 2011-05-04 13:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-04 13:43 . 2011-05-04 13:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-04 13:43 . 2011-05-04 13:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-04 13:43 . 2011-05-04 13:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-04 13:43 . 2011-05-04 13:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-04 13:42 . 2011-05-04 13:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-04 13:42 . 2011-05-04 13:42 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-04 13:42 . 2011-05-04 13:42 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-04 13:42 . 2011-05-04 13:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-04 13:42 . 2011-05-04 13:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-04 13:42 . 2011-05-04 13:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-04 13:42 . 2011-05-04 13:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-04 13:42 . 2011-05-04 13:42 448512 ----a-w- c:\windows\system32\html.iec
2011-05-04 13:42 . 2011-05-04 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-04 13:42 . 2011-05-04 13:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-04 13:42 . 2011-05-04 13:42 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-04 13:42 . 2011-05-04 13:42 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 13:42 . 2011-05-04 13:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-04 13:42 . 2011-05-04 13:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-04 13:42 . 2011-05-04 13:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-04 13:42 . 2011-05-04 13:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-04 13:42 . 2011-05-04 13:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-04 13:42 . 2011-05-04 13:42 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-04 13:42 . 2011-05-04 13:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-04 08:52 . 2010-04-20 05:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
2011-04-13 19:04 . 2011-04-13 19:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-12 01:19 . 2011-04-12 01:19 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2011-04-12 01:19 . 2011-04-12 01:19 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2011-04-09 07:02 . 2011-05-11 16:13 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 16:13 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 16:13 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
2011-03-25 03:29 . 2011-05-11 16:13 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-11 16:13 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 16:13 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-11 16:13 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-11 16:13 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:29 . 2011-05-11 16:13 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:28 . 2011-05-11 16:13 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
.
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
 
Edit: Lengthy Snapshot deleted by Bobbye
((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))

-- Snapshot reset to current date --
 
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 ALSysIO;ALSysIO;c:\users\Dan-LT\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
R4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001Core.job
- c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001UA.job
- c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28115.cfxxe" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\VilonguLSP.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0}: NameServer = 10.54.56.1
FF - ProfilePath - c:\users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.socks - 24.1.228.237
FF - prefs.js: network.proxy.socks_port - 1191
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
.
**************************************************************************
.
Completion time: 2011-06-21 14:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 18:56
ComboFix2.txt 2011-06-17 16:01
.
Pre-Run: 63,861,915,648 bytes free
Post-Run: 63,498,932,224 bytes free
.
- - End Of File - - 4796474FFB1830C21FF5BBE4B1A0F454
 
My apology- I should have suggested you remove it instead. It isn't a good program and the IOBit download pages are rated low in Trustworthiness and Vendor Reliability

Please do a System Restore using this Restore Point> RP324: 6/16/2011 3:00:22 AM - Windows Update or later if there has been one set between 6/16 and 6/21 when you ran the Combofix script.
======================================
Please note: I have looked at the Snapshot in Combofix. I am going to delete these lengthy entries.



Edit: Just noticed you left the rest of Combofix at same time I was posting. Thank you.
 
Regarding this entry:
svchost.exe
File name:
svchost.exe
Submission date:
2011-06-17 21:10:35 (UTC)
Additional information
MD5 : 54a47f6b5e09a77e61649109c6a08866
SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
SHA256: 121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2

eSafe 7.0.17.0 2011.06.15 Win32.TrojanHorse
Click to expand...

This SHA256 shows that it is a variant:
SHA-256 and SHA-512 are novel hash functions computed with 32- and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are simply truncated versions of the first two, computed with different initial values.
Click to expand...
See http://en.wikipedia.org/wiki/SHA-2

Perhaps you would be more comfortable if you ran it again:
Please go to VirSCAN.org FREE on-line scan service:


  • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

    Code: 
    svchost.exe
    [2]. At the upload site, click once inside the window next to Browse.
    [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    [4]. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete.
    [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
    [6]. Paste the contents of the Clipboard in your next reply.*****

***** After you click on Copy to the clipboard Please open Notepad> Format> Uncheck Word Wrap> Paste that copy in Notepad using either right click> Paste or using Ctrl V.

It was very difficult to read the log you left.

FYI: the designation of Win32.TrojanHorse is a generic finding. I am not concerned about this. None of the other scanners found anything and the Eset scan had entries in the Java cache.
 
ok, thanks. What do you suggest I use instead of ASC?

VirSCAN.org Scanned Report :
Scanned time : 2011/03/27 11:43:51 (EDT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 20992 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 54a47f6b5e09a77e61649109c6a08866
SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
Online report : http://file.virscan.org/report/a547c9efcc301cbeb3513c54a17493d3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110327010737 2011-03-27 5.25 -
AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 1.57 -
AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.30 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2010 201103240801 2011-03-24 0.00 -
Authentium 5.1.1 201103271446 2011-03-27 1.48 -
AVAST! 4.7.4 110327-0 2011-03-27 0.01 -
AVG 8.5.850 271.1.1/3516 2011-03-19 0.25 -
BitDefender 7.90123.7001104 7.36817 2011-03-27 6.33 -
ClamAV 0.96.5 12911 2011-03-26 0.01 -
Comodo 4.0 8126 2011-03-27 1.13 -
CP Secure 1.3.0.5 2011.03.27 2011-03-27 0.04 -
Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.14 -
F-Prot 4.4.4.56 20110326 2011-03-26 1.47 -
F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.07 -
Fortinet 4.2.254 13.48 2011-03-26 0.48 -
GData 21.2141/21.773 20110327 2011-03-27 8.92 -
ViRobot 20110326 2011.03.26 2011-03-26 0.43 -
Ikarus T3.1.32.20.0 2011.03.27.78032 2011-03-27 5.46 -
JiangMin 13.0.900 2011.03.27 2011-03-27 1.45 -
Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 0.76 -
McAfee 5400.1158 6297 2011-03-26 8.14 -
Microsoft 1.6702 2011.03.27 2011-03-27 4.08 -
NOD32 3.0.21 5988 2011-03-26 0.01 -
Norman 6.07.03 6.07.00 2011-03-26 10.02 -
Panda 9.05.01 2011.03.27 2011-03-27 3.69 -
Trend Micro 9.200-1012 7.930.07 2011-03-27 0.03 -
Quick Heal 11.00 2011.03.26 2011-03-26 0.97 -
Rising 20.0 23.50.05.05 2011-03-26 2.12 -
Sophos 3.16.1 4.62 2011-03-27 3.21 -
Sunbelt 3.9.2486.2 8831 2011-03-26 0.64 -
Symantec 1.3.0.24 20110326.002 2011-03-26 0.06 -
nProtect 20110326.01 3275801 2011-03-26 7.25 -
The Hacker 6.7.0.1 v00159 2011-03-26 0.82 -
VBA32 3.12.14.3 20110325.1219 2011-03-25 3.65 -
VirusBuster 5.2.0.28 13.6.272.0/48565992011-03-27 0.00 -
 
Okay, you're clear on that worry.

As for a suggestion of what yo use instead of Advanced System Care>> in a word, nothing. Here's why:

1. "Quick Care option includes the ability to clean your Registry. Deep Care option adds several features to Quick Care. These include a deeper Registry cleaning".>>
We don't recommend a registry cleaner to anyone. It doesn't not make any significant difference in the system performance and most users don't understand the registry well enough to know where an entry should be removed.

2. "perform a rudimentary malware scan": rudimentary: From dictionary.com: elementary, primitive, not elaborated or perfected, incompletely developed.
When you do malware scans you want them to be the very opposite of this. They should be advanced, complete, fully functional

3. "fix and remove broken shortcuts, delete junk files, and erase browsing tracks." All of this can be done from within the operating system. Browsing tracks- AKA History can be set for a shorter time and deleted whenever you want- mine is set to delete every time I close the browser.

4. "disk defragmenting". There is a defragmenter build into the OS. All you have to do is click to run.

5. ASC notes "Windows vulnerability fix" and a "Passive Defense": However they do not readily define what they do.

(Most of the quoted material above was taken from a description of the program on CNet. The opinions are all mine!)
================================================
My personal feeling is that I want to have control over my system. I know what it can do. I know when to do it. I know how to start troubleshooting if there is a problem.

On the other hand, if you want a software program to run your system, decide when to do what and how to do it, then maybe you should put some programs on the system to do it- but keep in mind: they will take up 'space' on the hard drive and they will use RAM when they run. Most will also contact the internet daily, several times a day, looking for 'updates.' The only auto-update I allow is the AV program.

It just depends on who you want to be the boss!

"a system optimization option with several optimization presets." System optimizers use system resources. In order to give the information, they need to run all the time. They are high resource user. transparent with how they'll affect your computer. Fortunately, the program's log records all of its activities. We'd just like to find out how a program like this is going to change our computer before it effects those changes.

"Turbo Boost will disable core system services in an attempt to accelerate your computer's performance" >> No commented needed.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
783
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back