Inactive Popups, popunders, slow keyboard> suspect malware

mizkim

Posts: 12   +0
Hello I have popunders and keyboard is slow responding. I see winlogon.exe, a second instance of iexplorer.exe that using a lot of memory also,and searchsettings.exe 32 in taskmanager. Thanks in advance.

Malware Bytes

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kimberly :: KIMBERLY-LAPTOP [administrator]

2/6/2012 10:24:15 PM
mbam-log-2012-02-06 (22-24-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191793
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kimberly\Local Settings\Temporary Internet Files\Content.IE5\KVS9N0EA\ProxyChecker-1.0.0.28.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)
 
dds logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kimberly at 11:50:16 on 2012-02-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.364 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kimberly\Desktop\sugdxl6c.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361109b126l0378z195i4841t332
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361109b126l0378z195i4841t332
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A}\037364851303034373731333 : DhcpNameServer = 192.168.200.1 192.168.200.1
TCP: Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A}\038364850323034333939363 : DhcpNameServer = 192.168.200.1 192.168.200.1
TCP: Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5} : DhcpNameServer = 216.68.4.10 216.68.5.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 3w.filesonic.c0m/file/28933273/M0.87.7.rar
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2009-9-11 24576]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-10-13 253952]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S2 Application Updater;Application Updater;"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" --> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
S3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-07 05:05:46 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66D3DBD9-1ED0-4784-95C9-D744D1E4FF31}\offreg.dll
2012-02-07 03:22:43 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Malwarebytes
2012-02-07 03:22:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-07 03:22:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-07 03:22:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-07 03:07:50 9502424 ----a-w- C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Network Shortcuts\mbam-setup-1.60.1.1000.exe
2012-02-07 02:14:39 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-06 05:01:09 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66D3DBD9-1ED0-4784-95C9-D744D1E4FF31}\mpengine.dll
2012-02-02 13:11:18 -------- d-----w- C:\Program Files (x86)\Market Samurai
2012-01-29 20:13:29 366592 ----a-w- C:\Windows\SysWow64\ADTaxViewX.ocx
2012-01-29 20:13:28 848168 ----a-w- C:\Windows\SysWow64\wodTelnetDLX.ocx
2012-01-29 20:13:26 -------- d-----w- C:\11wintax
2012-01-28 16:48:03 -------- d-----w- C:\Windows\SysWow64\20-20 Technologies
2012-01-26 13:48:14 -------- d-----w- C:\Users\Kimberly\AppData\Local\Help
2012-01-26 13:22:56 -------- d-----w- C:\11TWMenu
2012-01-14 18:54:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 18:54:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 18:54:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 18:54:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-11 10:52:20 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 10:52:20 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 10:52:19 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 10:52:18 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 10:52:02 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 10:52:02 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 10:51:31 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 10:51:31 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-18 01:20:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 04:09:45 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-13 04:09:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 11:50:41.09 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/11/2009 12:42:03 AM
System Uptime: 2/6/2012 11:15:33 PM (12 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 83.789 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&71F16A0&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&71F16A0&0&00E0
Service: b57nd60a
.
==== System Restore Points ===================
.
RP384: 1/24/2012 3:27:49 AM - Windows Update
RP386: 1/28/2012 4:59:12 AM - Windows Update
RP388: 1/31/2012 11:55:17 PM - Windows Update
RP390: 2/4/2012 11:53:43 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office system
2011 Master Tax Menu
Acer Assist
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Business Contact Manager for Outlook 2007 SP2
D3DX10
EBSCO Publishing Download Manager
ESET Online Scanner v3
eSobi v2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Keyword Optimizer Pro 2
KONICA MINOLTA magicolor 2430DL Printer Driver Software
Launch Manager
Mail List Validator 2.0
Malwarebytes Anti-Malware version 1.60.1.1000
Market Samurai
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 9.0.1 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
OverDrive Media Console
PC Connectivity Solution
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
simpleology DesktopCockpit 1.2
simpleology Wimiki
Spelling Dictionaries Support For Adobe Reader 9
Stealth Keyword Competition Analyzer 2.2.4
Taxware 2011 Individual Tax
Traffic Travis 4.1.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Utility Poster
Welcome Center
WildTangent Games App (Acer Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
YouTube Downloader 2.6.5
YouTube Downloader Toolbar v4.9
.
==== Event Viewer Messages From Past Week ========
.
2/6/2012 6:43:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Kimberly-Laptop\Kimberly SID (S-1-5-21-3069146838-422871353-4151006262-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/6/2012 6:43:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Kimberly-Laptop\Kimberly SID (S-1-5-21-3069146838-422871353-4151006262-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/5/2012 8:34:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware.

Before we start, please do the following:
1. Uninstall the Bearshare Mediabar Toolbar and BHO. (Browser Helper Object.
Look in Add/Remove Programs and uninstall all 'Mediabar' and/or Bearshare processes.
Then use Windows Explorer to access Computer> Local Drive (C)> Programs. Do a right click> Delete on the folder for Mediabar or Bearshare.

2. Do the same for entries named Spigot. Search Settings, and/or Widgi Toolbar
Reboot when finished.

Note: There will be some processes for both remaining. I will have you remove then after Combofix.
=======================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
Please leave logs for Combofix and Eset scan in next reply.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PMwith your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

BTW, it is normal to have 2 or more iexplore.exe processes with IE8. But malware can hide in most any process, so we check it out.

Edit: I have renamed your thread to a more appropriate description of the problems.
 
combofix log

Thank you for your help. I appreciate it.

ComboFix 12-02-07.01 - Kimberly 02/07/2012 17:39:11.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.853 [GMT -5:00]
Running from: c:\users\Kimberly\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 22:49 . 2012-02-07 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 03:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 03:07 . 2012-02-07 03:07 9502424 ----a-w- c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Network Shortcuts\mbam-setup-1.60.1.1000.exe
2012-02-07 02:14 . 2012-02-07 02:14 -------- d-----w- c:\program files (x86)\ESET
2012-02-02 13:11 . 2012-02-02 13:11 -------- d-----w- c:\program files (x86)\Market Samurai
2012-01-29 20:13 . 2003-05-19 10:07 366592 ----a-w- c:\windows\SysWow64\ADTaxViewX.ocx
2012-01-29 20:13 . 2007-01-22 04:30 848168 ----a-w- c:\windows\SysWow64\wodTelnetDLX.ocx
2012-01-29 20:13 . 2012-02-06 21:12 -------- d-----w- C:\11wintax
2012-01-28 16:48 . 2012-01-28 16:48 -------- d-----w- c:\windows\SysWow64\20-20 Technologies
2012-01-26 13:48 . 2012-01-26 13:48 -------- d-----w- c:\users\Kimberly\AppData\Local\Help
2012-01-26 13:22 . 2012-01-26 14:04 -------- d-----w- C:\11TWMenu
2012-01-14 18:54 . 2012-01-14 18:54 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 18:54 . 2012-01-14 18:54 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 18:54 . 2012-01-14 18:54 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 18:54 . 2012-01-14 18:54 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-11 10:52 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 10:52 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 10:52 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 10:52 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 10:52 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 10:52 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 10:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 10:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 13:42 . 2012-01-09 13:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-11-12 05:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2011-12-30 15:22 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-29 15:17 . 2011-12-29 15:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29AD0893-DFC8-425F-B38C-34F3AD2B7BDB}\gapaengine.dll
2011-12-18 01:20 . 2011-09-13 11:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 04:09 . 2011-12-13 04:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 04:09 . 2011-12-13 04:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-24 04:52 . 2011-12-14 11:49 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-27 09:32 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{297ED13B-D01C-4A59-973D-225FCC03C474}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_18.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 09:33 . 2012-02-07 22:52 63424 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-07 22:52 46694 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-07 22:52 16848 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-08-22 09:33 . 2012-02-07 22:52 63424 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-07 22:52 46694 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-07 22:52 16848 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-11-12 19:32 . 2012-02-07 21:38 3710 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2009-11-12 19:32 . 2012-02-07 21:38 3710 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-07 22:50 . 2012-02-07 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-07 22:50 . 2012-02-07 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-13 19:50 . 2012-02-07 19:24 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-13 19:50 . 2012-02-07 19:24 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-07 18:52 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-07 22:50 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-13 19:50 . 2012-02-07 19:24 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-13 19:50 . 2012-02-07 19:24 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-14 12:59 . 2012-02-07 18:21 2101308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-8192.dat
+ 2011-04-14 12:59 . 2012-02-07 22:50 2101308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-8192.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-07 19:24 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-07 19:24 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-11 22:17 196384 ----a-w- c:\program files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-28 1130504]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-13 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 492032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-07 18:05:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 23:05
ComboFix2.txt 2012-02-07 18:59
.
Pre-Run: 91,672,768,512 bytes free
Post-Run: 91,623,813,120 bytes free
.
- - End Of File - - FE4FC867BB3E8B302DA67F97E4023120
 
eset scan

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Kimberly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CH9CYYDW\cn_download[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Kimberly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-636b9b10 a variant of Java/TrojanDownloader.Agent.ME trojan
C:\Users\Kimberly\Desktop\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Kimberly\Downloads\cnet_revosetup_exe (1).exe a variant of Win32/InstallCore.D application
C:\Users\Kimberly\Downloads\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kimberly\Downloads\CompanyStyleBlue.zip PHP/Kryptik.AB trojan
C:\Users\Kimberly\Downloads\corpo-geek-10.zip PHP/Kryptik.AB trojan
C:\Users\Kimberly\Downloads\Mimoza.zip PHP/Kryptik.AB trojan
 
I was offline Wednesday and Thursday. I thought I got everyone in the message I left.

1. Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes	
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe 
    
    :Files 
    C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll 
    C:\Users\Kimberly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CH9CYYDW\cn_download[1].htm 
    C:\Users\Kimberly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-636b9b10 
    C:\Users\Kimberly\Desktop\YouTubeDownloaderSetup265.exe 
    C:\Users\Kimberly\Downloads\cnet_revosetup_exe (1).exe 
    C:\Users\Kimberly\Downloads\cnet_revosetup_exe.exe 
    C:\Users\Kimberly\Downloads\CompanyStyleBlue.zip 
    C:\Users\Kimberly\Downloads\corpo-geek-10.zip 
    C:\Users\Kimberly\Downloads\Mimoza.zip 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================================
2. Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code:
File::
DDS::
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
Hosts: 3w.filesonic.c0m/file/28933273/M0.87.7.rar
Registry::
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"=- 
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
3.
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Save log, include in next reply.
  • A reboot is required after disinfection.
=====================================
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
=================================
Plese leave all logs in next reply: New log from OTM, Combofix, TDSSKiller and 2 logs from OTL.
 
otm scan

OTL logfile created on: 2/12/2012 10:38:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimberly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 53.17% Memory free
3.86 Gb Paging File | 2.84 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 84.58 Gb Free Space | 61.63% Space Free | Partition Type: NTFS

Computer Name: KIMBERLY-LAPTOP | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Kimberly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Windows\PLFSetI.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 05:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 23:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/14 13:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/17 20:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Extensions
[2012/02/08 07:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\extensions
[2011/12/17 20:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KIMBERLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9VCUXJVT.DEFAULT\EXTENSIONS\SEODOCTOR@PRELOVAC.COM.XPI
[2012/01/14 13:54:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/14 13:54:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/14 13:54:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SEOquake = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\0.9.15_0\
CHR - Extension: Ultimate Chrome Flag = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.3.7_0\
CHR - Extension: Silver Bird = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.4_0\
CHR - Extension: Andrew@ChromeFans = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\4.7.2_0\
CHR - Extension: kuber = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgojllinjdfbjknbpfcladgieljgoab\1.4.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Google Global = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\1.0\

O1 HOSTS File: ([2012/02/12 22:03:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 216.68.4.10 216.68.5.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 22:32:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2012/02/12 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\tdsskiller
[2012/02/12 22:21:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/12 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 21:24:40 | 004,402,282 | R--- | C] (Swearware) -- C:\Users\Kimberly\Desktop\ComboFix.exe
[2012/02/12 21:07:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 21:07:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 21:07:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 20:36:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/12 20:34:03 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTM.exe
[2012/02/07 13:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/07 13:38:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 07:45:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kimberly\Desktop\dds.scr
[2012/02/06 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Malwarebytes
[2012/02/06 22:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/06 22:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 22:22:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/06 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/06 22:17:28 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kimberly\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/06 21:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/02 08:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2012/01/29 15:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Taxware
[2012/01/29 15:13:26 | 000,000,000 | ---D | C] -- C:\11wintax
[2012/01/28 11:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies
[2012/01/26 08:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Help
[2012/01/26 08:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Local\Help
[2012/01/26 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taxware
[2012/01/26 08:22:56 | 000,000,000 | ---D | C] -- C:\11TWMenu

========== Files - Modified Within 30 Days ==========

[2012/02/12 22:32:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2012/02/12 22:28:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 22:28:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 22:24:14 | 002,041,278 | ---- | M] () -- C:\Users\Kimberly\Desktop\tdsskiller.zip
[2012/02/12 22:21:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 22:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 22:20:58 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 22:14:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 22:03:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/12 21:24:47 | 004,402,282 | R--- | M] (Swearware) -- C:\Users\Kimberly\Desktop\ComboFix.exe
[2012/02/12 20:34:24 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTM.exe
[2012/02/07 07:45:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kimberly\Desktop\dds.scr
[2012/02/07 07:06:28 | 000,302,592 | ---- | M] () -- C:\Users\Kimberly\Desktop\sugdxl6c.exe
[2012/02/06 23:16:02 | 000,420,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/06 22:22:16 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 22:17:29 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kimberly\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/04 06:38:27 | 000,448,611 | ---- | M] () -- C:\Users\Kimberly\Desktop\HowtoAchievetheNewAmericanDream.pdf
[2012/02/02 14:25:30 | 003,766,272 | ---- | M] () -- C:\Users\Kimberly\Documents\lipsuction.msam
[2012/02/02 08:32:11 | 004,146,176 | ---- | M] () -- C:\Users\Kimberly\Documents\migraine.msam
[2012/02/02 08:11:28 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/02/02 08:07:28 | 000,001,093 | ---- | M] () -- C:\Users\Kimberly\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis v4.lnk
[2012/02/02 08:07:28 | 000,001,069 | ---- | M] () -- C:\Users\Kimberly\Desktop\Traffic Travis v4.lnk
[2012/01/29 15:14:54 | 000,795,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/29 15:14:54 | 000,673,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/29 15:14:54 | 000,125,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 15:14:50 | 000,000,598 | ---- | M] () -- C:\Users\Kimberly\Desktop\2011 Individual Tax.lnk
[2012/01/26 08:23:08 | 000,000,598 | ---- | M] () -- C:\Users\Kimberly\Desktop\2011 Master Tax menu.lnk
[2012/01/26 08:22:34 | 004,191,935 | ---- | M] () -- C:\Users\Kimberly\Desktop\11twmenu.exe
[2012/01/26 08:20:32 | 004,358,326 | ---- | M] () -- C:\Users\Kimberly\Desktop\wt11_010112_012512.rtp
[2012/01/25 11:10:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/21 07:31:36 | 005,069,824 | ---- | M] () -- C:\Users\Kimberly\Documents\tea weight loss.msam
[2012/01/21 07:00:47 | 002,830,336 | ---- | M] () -- C:\Users\Kimberly\Documents\mattress.msam
[2012/01/21 06:44:36 | 001,912,832 | ---- | M] () -- C:\Users\Kimberly\Documents\ivf.msam
[2012/01/20 13:15:55 | 000,074,512 | ---- | M] () -- C:\Users\Kimberly\Desktop\PassportApplicationComplete.pdf
[2012/01/19 06:09:51 | 001,381,376 | ---- | M] () -- C:\Users\Kimberly\Documents\diet .msam
[2012/01/18 08:40:15 | 000,281,600 | ---- | M] () -- C:\Users\Kimberly\Documents\motivation.msam

========== Files Created - No Company Name ==========

[2012/02/12 22:24:14 | 002,041,278 | ---- | C] () -- C:\Users\Kimberly\Desktop\tdsskiller.zip
[2012/02/12 21:07:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 21:07:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 21:07:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 21:07:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 21:07:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 07:06:06 | 000,302,592 | ---- | C] () -- C:\Users\Kimberly\Desktop\sugdxl6c.exe
[2012/02/06 22:22:16 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 06:38:27 | 000,448,611 | ---- | C] () -- C:\Users\Kimberly\Desktop\HowtoAchievetheNewAmericanDream.pdf
[2012/02/02 08:11:28 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012/02/02 08:11:28 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/01/29 15:14:50 | 000,000,598 | ---- | C] () -- C:\Users\Kimberly\Desktop\2011 Individual Tax.lnk
[2012/01/29 15:13:29 | 000,366,592 | ---- | C] () -- C:\Windows\SysWow64\ADTaxViewX.ocx
[2012/01/29 15:13:28 | 000,848,168 | ---- | C] () -- C:\Windows\SysWow64\wodTelnetDLX.ocx
[2012/01/29 15:12:50 | 079,327,422 | ---- | C] () -- C:\Users\Kimberly\Desktop\wintax11.exe
[2012/01/26 08:23:08 | 000,000,598 | ---- | C] () -- C:\Users\Kimberly\Desktop\2011 Master Tax menu.lnk
[2012/01/26 08:22:04 | 004,191,935 | ---- | C] () -- C:\Users\Kimberly\Desktop\11twmenu.exe
[2012/01/26 08:20:31 | 004,358,326 | ---- | C] () -- C:\Users\Kimberly\Desktop\wt11_010112_012512.rtp
[2012/01/20 20:04:53 | 001,912,832 | ---- | C] () -- C:\Users\Kimberly\Documents\ivf.msam
[2012/01/20 13:15:52 | 000,074,512 | ---- | C] () -- C:\Users\Kimberly\Desktop\PassportApplicationComplete.pdf
[2011/03/03 18:37:42 | 000,033,134 | ---- | C] () -- C:\Users\Kimberly\AppData\Roaming\UserTile.png
[2010/03/20 20:36:52 | 000,007,606 | ---- | C] () -- C:\Users\Kimberly\AppData\Local\Resmon.ResmonCfg
[2010/03/02 14:15:29 | 000,002,225 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2009/11/14 12:39:13 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/11 04:54:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/13 15:37:13 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/10/13 15:37:13 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/10/13 15:37:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/10/13 15:37:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/10/13 15:17:47 | 000,001,563 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/13 15:06:33 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/10/13 15:04:44 | 000,809,714 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 14:48:51 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/10/13 14:48:51 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/10/13 14:48:51 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/10/13 14:48:51 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/22 05:16:40 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/22 05:16:40 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/22 05:16:37 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/22 05:16:37 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/22 05:16:37 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/12/21 11:34:54 | 000,033,840 | ---- | C] () -- C:\Windows\MSTMON03.INI
[2005/12/21 11:34:54 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT03.INI
[2005/05/24 14:02:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MSHRES_U.DLL
[2005/05/10 15:45:00 | 000,033,878 | ---- | C] () -- C:\Windows\MSTMON_U.INI
[2005/04/29 15:14:00 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI

========== LOP Check ==========

[2009/11/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Acer
[2011/12/23 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Affilorama
[2010/05/11 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Amazon
[2011/12/29 10:24:08 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\EMCO
[2009/11/16 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\InterVideo
[2009/11/11 03:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Leadertech
[2011/12/28 15:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/12/31 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Nokia Ovi Suite
[2009/12/01 00:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\OverDrive
[2010/06/11 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PC Suite
[2011/03/03 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PeerNetworking
[2010/05/26 16:29:05 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\UtilityPoster.00AA8637DE87FE8F239ADEB0BBF4404B035FC52B.1
[2012/02/07 13:53:31 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
 
combo fix, tssd,

ComboFix 12-02-12.01 - Kimberly 02/12/2012 21:50:15.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.1071 [GMT -5:00]
Running from: c:\users\Kimberly\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 03:02 . 2012-02-13 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 01:36 . 2012-02-13 01:36 -------- d-----w- C:\_OTM
2012-02-12 23:20 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70C4FF62-906B-42EC-BCDA-7A97B5B6D8E5}\mpengine.dll
2012-02-10 23:21 . 2011-12-29 15:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 23:21 . 2012-02-10 23:20 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7821F883-F1F0-4B93-99C6-9761A26FC7E4}\gapaengine.dll
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 03:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 03:07 . 2012-02-07 03:07 9502424 ----a-w- c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Network Shortcuts\mbam-setup-1.60.1.1000.exe
2012-02-07 02:14 . 2012-02-07 02:14 -------- d-----w- c:\program files (x86)\ESET
2012-02-02 13:11 . 2012-02-02 13:11 -------- d-----w- c:\program files (x86)\Market Samurai
2012-01-29 20:13 . 2003-05-19 10:07 366592 ----a-w- c:\windows\SysWow64\ADTaxViewX.ocx
2012-01-29 20:13 . 2007-01-22 04:30 848168 ----a-w- c:\windows\SysWow64\wodTelnetDLX.ocx
2012-01-29 20:13 . 2012-02-06 21:12 -------- d-----w- C:\11wintax
2012-01-28 16:48 . 2012-01-28 16:48 -------- d-----w- c:\windows\SysWow64\20-20 Technologies
2012-01-26 13:48 . 2012-01-26 13:48 -------- d-----w- c:\users\Kimberly\AppData\Local\Help
2012-01-26 13:22 . 2012-01-26 14:04 -------- d-----w- C:\11TWMenu
2012-01-14 18:54 . 2012-01-14 18:54 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-14 18:54 . 2012-01-14 18:54 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-14 18:54 . 2012-01-14 18:54 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 18:54 . 2012-01-14 18:54 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-11-12 05:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2011-12-30 15:22 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-18 01:20 . 2011-09-13 11:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 04:09 . 2011-12-13 04:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 04:09 . 2011-12-13 04:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-24 04:52 . 2011-12-14 11:49 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-27 09:32 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{297ED13B-D01C-4A59-973D-225FCC03C474}\mpengine.dll
2011-11-19 14:58 . 2012-01-11 10:51 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 10:51 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-13 12:28 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-13 12:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-13 12:28 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 10:52 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-13 12:28 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-13 12:28 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-13 12:28 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-13 12:28 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-13 12:28 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-13 12:28 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-13 12:28 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 10:52 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-13 12:28 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-13 12:28 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-13 12:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-13 12:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_18.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 09:33 . 2012-02-13 03:05 64518 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 03:05 46846 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-13 03:05 17150 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-08-22 09:33 . 2012-02-13 03:05 64518 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 03:05 46846 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-13 03:05 17150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-11-12 19:32 . 2012-02-13 01:40 3710 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2009-11-12 19:32 . 2012-02-13 01:40 3710 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-13 03:03 . 2012-02-13 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-13 03:03 . 2012-02-13 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-13 19:50 . 2012-02-08 02:18 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-13 19:50 . 2012-02-08 02:18 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-02-13 03:02 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-07 18:52 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-13 19:50 . 2012-02-08 02:18 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-13 19:50 . 2012-02-08 02:18 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-04 03:56 . 2012-02-07 18:21 1342420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-12288.dat
+ 2011-08-04 03:56 . 2012-02-13 02:13 1342420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-12288.dat
+ 2009-07-14 04:54 . 2012-02-08 02:18 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-08 02:18 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-14 12:59 . 2012-02-13 02:34 14447979 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-28 1130504]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-13 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 492032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-12 22:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 03:17
ComboFix2.txt 2012-02-13 02:41
ComboFix3.txt 2012-02-13 02:19
ComboFix4.txt 2012-02-07 23:05
ComboFix5.txt 2012-02-13 02:49
.
Pre-Run: 90,808,573,952 bytes free
Post-Run: 90,744,193,024 bytes free
.
- - End Of File - - FDB813E137280CEECC8371E609E091AD

23:04:40.0767 0228 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
23:04:41.0063 0228 ============================================================
23:04:41.0063 0228 Current date / time: 2012/02/12 23:04:41.0063
23:04:41.0063 0228 SystemInfo:
23:04:41.0063 0228
23:04:41.0063 0228 OS Version: 6.1.7601 ServicePack: 1.0
23:04:41.0063 0228 Product type: Workstation
23:04:41.0063 0228 ComputerName: KIMBERLY-LAPTOP
23:04:41.0063 0228 UserName: Kimberly
23:04:41.0063 0228 Windows directory: C:\Windows
23:04:41.0063 0228 System windows directory: C:\Windows
23:04:41.0063 0228 Running under WOW64
23:04:41.0063 0228 Processor architecture: Intel x64
23:04:41.0063 0228 Number of processors: 1
23:04:41.0063 0228 Page size: 0x1000
23:04:41.0063 0228 Boot type: Normal boot
23:04:41.0063 0228 ============================================================
23:04:41.0563 0228 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:04:41.0563 0228 \Device\Harddisk0\DR0:
23:04:41.0563 0228 MBR used
23:04:41.0563 0228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
23:04:41.0563 0228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x11276EB0
23:04:41.0578 0228 Initialize success
23:04:41.0578 0228 ============================================================
 
olt.txt

OTL logfile created on: 2/12/2012 10:38:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimberly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 53.17% Memory free
3.86 Gb Paging File | 2.84 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 84.58 Gb Free Space | 61.63% Space Free | Partition Type: NTFS

Computer Name: KIMBERLY-LAPTOP | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Kimberly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Windows\PLFSetI.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 05:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 23:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/14 13:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/17 20:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Extensions
[2012/02/08 07:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\extensions
[2011/12/17 20:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KIMBERLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9VCUXJVT.DEFAULT\EXTENSIONS\SEODOCTOR@PRELOVAC.COM.XPI
[2012/01/14 13:54:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/14 13:54:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/14 13:54:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SEOquake = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\0.9.15_0\
CHR - Extension: Ultimate Chrome Flag = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.3.7_0\
CHR - Extension: Silver Bird = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.4_0\
CHR - Extension: Andrew@ChromeFans = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\4.7.2_0\
CHR - Extension: kuber = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgojllinjdfbjknbpfcladgieljgoab\1.4.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Google Global = C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\1.0\

O1 HOSTS File: ([2012/02/12 22:03:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{865F40B4-1F59-4D21-A5A6-C0828F3F988A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 216.68.4.10 216.68.5.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 22:32:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2012/02/12 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\tdsskiller
[2012/02/12 22:21:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/12 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 21:24:40 | 004,402,282 | R--- | C] (Swearware) -- C:\Users\Kimberly\Desktop\ComboFix.exe
[2012/02/12 21:07:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 21:07:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 21:07:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 20:36:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/12 20:34:03 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTM.exe
[2012/02/07 13:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/07 13:38:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 07:45:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kimberly\Desktop\dds.scr
[2012/02/06 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Malwarebytes
[2012/02/06 22:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/06 22:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/06 22:22:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/06 22:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/06 22:17:28 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kimberly\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/06 21:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/02 08:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2012/01/29 15:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Taxware
[2012/01/29 15:13:26 | 000,000,000 | ---D | C] -- C:\11wintax
[2012/01/28 11:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies
[2012/01/26 08:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Help
[2012/01/26 08:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Local\Help
[2012/01/26 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taxware
[2012/01/26 08:22:56 | 000,000,000 | ---D | C] -- C:\11TWMenu

========== Files - Modified Within 30 Days ==========

[2012/02/12 22:32:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTL.exe
[2012/02/12 22:28:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 22:28:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 22:24:14 | 002,041,278 | ---- | M] () -- C:\Users\Kimberly\Desktop\tdsskiller.zip
[2012/02/12 22:21:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 22:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 22:20:58 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 22:14:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 22:03:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/12 21:24:47 | 004,402,282 | R--- | M] (Swearware) -- C:\Users\Kimberly\Desktop\ComboFix.exe
[2012/02/12 20:34:24 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Desktop\OTM.exe
[2012/02/07 07:45:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kimberly\Desktop\dds.scr
[2012/02/07 07:06:28 | 000,302,592 | ---- | M] () -- C:\Users\Kimberly\Desktop\sugdxl6c.exe
[2012/02/06 23:16:02 | 000,420,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/06 22:22:16 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 22:17:29 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kimberly\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/04 06:38:27 | 000,448,611 | ---- | M] () -- C:\Users\Kimberly\Desktop\HowtoAchievetheNewAmericanDream.pdf
[2012/02/02 14:25:30 | 003,766,272 | ---- | M] () -- C:\Users\Kimberly\Documents\lipsuction.msam
[2012/02/02 08:32:11 | 004,146,176 | ---- | M] () -- C:\Users\Kimberly\Documents\migraine.msam
[2012/02/02 08:11:28 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/02/02 08:07:28 | 000,001,093 | ---- | M] () -- C:\Users\Kimberly\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis v4.lnk
[2012/02/02 08:07:28 | 000,001,069 | ---- | M] () -- C:\Users\Kimberly\Desktop\Traffic Travis v4.lnk
[2012/01/29 15:14:54 | 000,795,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/29 15:14:54 | 000,673,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/29 15:14:54 | 000,125,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 15:14:50 | 000,000,598 | ---- | M] () -- C:\Users\Kimberly\Desktop\2011 Individual Tax.lnk
[2012/01/26 08:23:08 | 000,000,598 | ---- | M] () -- C:\Users\Kimberly\Desktop\2011 Master Tax menu.lnk
[2012/01/26 08:22:34 | 004,191,935 | ---- | M] () -- C:\Users\Kimberly\Desktop\11twmenu.exe
[2012/01/26 08:20:32 | 004,358,326 | ---- | M] () -- C:\Users\Kimberly\Desktop\wt11_010112_012512.rtp
[2012/01/25 11:10:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/21 07:31:36 | 005,069,824 | ---- | M] () -- C:\Users\Kimberly\Documents\tea weight loss.msam
[2012/01/21 07:00:47 | 002,830,336 | ---- | M] () -- C:\Users\Kimberly\Documents\mattress.msam
[2012/01/21 06:44:36 | 001,912,832 | ---- | M] () -- C:\Users\Kimberly\Documents\ivf.msam
[2012/01/20 13:15:55 | 000,074,512 | ---- | M] () -- C:\Users\Kimberly\Desktop\PassportApplicationComplete.pdf
[2012/01/19 06:09:51 | 001,381,376 | ---- | M] () -- C:\Users\Kimberly\Documents\diet .msam
[2012/01/18 08:40:15 | 000,281,600 | ---- | M] () -- C:\Users\Kimberly\Documents\motivation.msam

========== Files Created - No Company Name ==========

[2012/02/12 22:24:14 | 002,041,278 | ---- | C] () -- C:\Users\Kimberly\Desktop\tdsskiller.zip
[2012/02/12 21:07:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 21:07:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 21:07:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 21:07:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 21:07:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 07:06:06 | 000,302,592 | ---- | C] () -- C:\Users\Kimberly\Desktop\sugdxl6c.exe
[2012/02/06 22:22:16 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 06:38:27 | 000,448,611 | ---- | C] () -- C:\Users\Kimberly\Desktop\HowtoAchievetheNewAmericanDream.pdf
[2012/02/02 08:11:28 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012/02/02 08:11:28 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/01/29 15:14:50 | 000,000,598 | ---- | C] () -- C:\Users\Kimberly\Desktop\2011 Individual Tax.lnk
[2012/01/29 15:13:29 | 000,366,592 | ---- | C] () -- C:\Windows\SysWow64\ADTaxViewX.ocx
[2012/01/29 15:13:28 | 000,848,168 | ---- | C] () -- C:\Windows\SysWow64\wodTelnetDLX.ocx
[2012/01/29 15:12:50 | 079,327,422 | ---- | C] () -- C:\Users\Kimberly\Desktop\wintax11.exe
[2012/01/26 08:23:08 | 000,000,598 | ---- | C] () -- C:\Users\Kimberly\Desktop\2011 Master Tax menu.lnk
[2012/01/26 08:22:04 | 004,191,935 | ---- | C] () -- C:\Users\Kimberly\Desktop\11twmenu.exe
[2012/01/26 08:20:31 | 004,358,326 | ---- | C] () -- C:\Users\Kimberly\Desktop\wt11_010112_012512.rtp
[2012/01/20 20:04:53 | 001,912,832 | ---- | C] () -- C:\Users\Kimberly\Documents\ivf.msam
[2012/01/20 13:15:52 | 000,074,512 | ---- | C] () -- C:\Users\Kimberly\Desktop\PassportApplicationComplete.pdf
[2011/03/03 18:37:42 | 000,033,134 | ---- | C] () -- C:\Users\Kimberly\AppData\Roaming\UserTile.png
[2010/03/20 20:36:52 | 000,007,606 | ---- | C] () -- C:\Users\Kimberly\AppData\Local\Resmon.ResmonCfg
[2010/03/02 14:15:29 | 000,002,225 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2009/11/14 12:39:13 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/11 04:54:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/13 15:37:13 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/10/13 15:37:13 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/10/13 15:37:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/10/13 15:37:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/10/13 15:17:47 | 000,001,563 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/13 15:06:33 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/10/13 15:04:44 | 000,809,714 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 14:48:51 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/10/13 14:48:51 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/10/13 14:48:51 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/10/13 14:48:51 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/22 05:16:40 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/22 05:16:40 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/22 05:16:37 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/22 05:16:37 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/22 05:16:37 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/12/21 11:34:54 | 000,033,840 | ---- | C] () -- C:\Windows\MSTMON03.INI
[2005/12/21 11:34:54 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT03.INI
[2005/05/24 14:02:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MSHRES_U.DLL
[2005/05/10 15:45:00 | 000,033,878 | ---- | C] () -- C:\Windows\MSTMON_U.INI
[2005/04/29 15:14:00 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI

========== LOP Check ==========

[2009/11/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Acer
[2011/12/23 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Affilorama
[2010/05/11 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Amazon
[2011/12/29 10:24:08 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\EMCO
[2009/11/16 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\InterVideo
[2009/11/11 03:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Leadertech
[2011/12/28 15:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/12/31 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Nokia Ovi Suite
[2009/12/01 00:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\OverDrive
[2010/06/11 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PC Suite
[2011/03/03 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PeerNetworking
[2010/05/26 16:29:05 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\UtilityPoster.00AA8637DE87FE8F239ADEB0BBF4404B035FC52B.1
[2012/02/07 13:53:31 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
 
extras

OTL Extras logfile created on: 2/12/2012 10:38:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimberly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 53.17% Memory free
3.86 Gb Paging File | 2.84 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 84.58 Gb Free Space | 61.63% Space Free | Partition Type: NTFS

Computer Name: KIMBERLY-LAPTOP | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF0FCDAB-0C1F-458B-A948-85D1A10A2D45}" = EMCO MoveOnBoot 2.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1451479C-2331-43E3-A8C5-5D388EBE8969}" = EBSCO Publishing Download Manager
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{578082DB-B171-48D3-B22E-5B1662181051}" = simpleology Wimiki
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{819BD919-5B78-5D29-27AD-765778772B7C}" = Market Samurai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BA98EC5B-5B4C-2A54-4A50-72F932CF7DEF}" = simpleology DesktopCockpit 1.2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC7247DF-0F1E-FC3B-BF1F-806198FCD326}" = Utility Poster
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"2011 Master Tax Menu" = 2011 Master Tax Menu
"6983398e91e00aa801030d9612c168ab" = KONICA MINOLTA magicolor 2430DL Printer Driver Software
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"Keyword Optimizer Pro 22.0.1.6" = Keyword Optimizer Pro 2
"LManager" = Launch Manager
"Mail List Validator_is1" = Mail List Validator 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Stealth Keyword Competition Analyzer_is1" = Stealth Keyword Competition Analyzer 2.2.4
"Taxware 2011 Individual Tax" = Taxware 2011 Individual Tax
"Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
"UtilityPoster.00AA8637DE87FE8F239ADEB0BBF4404B035FC52B.1" = Utility Poster
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2011 11:59:23 PM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/1/2011 12:01:01 AM | Computer Name = Kimberly-Laptop | Source = UmxAgent | ID = 99
Description =

Error - 6/1/2011 12:01:25 AM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/1/2011 12:01:34 AM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/1/2011 12:01:38 AM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/1/2011 8:06:16 AM | Computer Name = Kimberly-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: UpdaterService.exe, version: 1.0.0.6, time
stamp: 0x4a4de121 Faulting module name: UpdaterService.exe, version: 1.0.0.6, time
stamp: 0x4a4de121 Exception code: 0xc0000417 Fault offset: 0x00011f0f Faulting process
id: 0x828 Faulting application start time: 0x01cc201038f0117e Faulting application
path: C:\Program Files\Acer\Acer Updater\UpdaterService.exe Faulting module path:
C:\Program Files\Acer\Acer Updater\UpdaterService.exe Report Id: 8d14378d-8c47-11e0-ad00-00262d573835

Error - 6/1/2011 8:01:27 PM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 8:01:31 PM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 9:50:24 PM | Computer Name = Kimberly-Laptop | Source = UmxAgent | ID = 99
Description =

Error - 6/6/2011 4:01:37 PM | Computer Name = Kimberly-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/7/2010 9:49:04 PM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 8:49:02 PM - Failed to retrieve Broadband.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 2/7/2010 9:21:22 PM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 8:21:22 PM - Error connecting to the internet. 8:21:22 PM - Unable
to contact server..

Error - 2/7/2010 9:21:33 PM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 8:21:27 PM - Error connecting to the internet. 8:21:27 PM - Unable
to contact server..

Error - 2/12/2010 4:57:34 AM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 3:57:34 AM - Error connecting to the internet. 3:57:34 AM - Unable
to contact server..

Error - 2/12/2010 4:58:09 AM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 3:58:03 AM - Error connecting to the internet. 3:58:03 AM - Unable
to contact server..

Error - 2/22/2010 6:32:46 PM | Computer Name = Kimberly-Laptop | Source = MCUpdate | ID = 0
Description = 5:32:44 PM - Error connecting to the internet. 5:32:44 PM - Unable
to contact server..

[ OSession Events ]
Error - 4/9/2010 4:05:03 PM | Computer Name = Kimberly-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 628
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2012 9:36:12 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/12/2012 10:12:54 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/12/2012 10:31:48 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/12/2012 10:33:59 PM | Computer Name = Kimberly-Laptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 2/12/2012 10:33:59 PM | Computer Name = Kimberly-Laptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 2/12/2012 10:34:38 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/12/2012 10:35:28 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 2/12/2012 10:56:03 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/12/2012 11:02:36 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/12/2012 11:03:29 PM | Computer Name = Kimberly-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >
 
Did you run this in Reply #7: 2. Please run this Custom CFScript: I don't have the log that was generated.
 
custom script

I thought I ran this properly yesterday but here ya go.


ComboFix 12-02-12.01 - Kimberly 02/13/2012 16:32:45.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.1195 [GMT -5:00]
Running from: c:\users\Kimberly\Desktop\ComboFix.exe
Command switches used :: c:\users\Kimberly\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 21:46 . 2012-02-13 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 01:36 . 2012-02-13 01:36 -------- d-----w- C:\_OTM
2012-02-12 23:20 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70C4FF62-906B-42EC-BCDA-7A97B5B6D8E5}\mpengine.dll
2012-02-10 23:21 . 2011-12-29 15:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 23:21 . 2012-02-10 23:20 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7821F883-F1F0-4B93-99C6-9761A26FC7E4}\gapaengine.dll
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 03:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 03:22 . 2012-02-07 03:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-07 03:07 . 2012-02-07 03:07 9502424 ----a-w- c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Network Shortcuts\mbam-setup-1.60.1.1000.exe
2012-02-07 02:14 . 2012-02-07 02:14 -------- d-----w- c:\program files (x86)\ESET
2012-02-02 13:11 . 2012-02-02 13:11 -------- d-----w- c:\program files (x86)\Market Samurai
2012-01-29 20:13 . 2003-05-19 10:07 366592 ----a-w- c:\windows\SysWow64\ADTaxViewX.ocx
2012-01-29 20:13 . 2007-01-22 04:30 848168 ----a-w- c:\windows\SysWow64\wodTelnetDLX.ocx
2012-01-29 20:13 . 2012-02-06 21:12 -------- d-----w- C:\11wintax
2012-01-28 16:48 . 2012-01-28 16:48 -------- d-----w- c:\windows\SysWow64\20-20 Technologies
2012-01-26 13:48 . 2012-01-26 13:48 -------- d-----w- c:\users\Kimberly\AppData\Local\Help
2012-01-26 13:22 . 2012-01-26 14:04 -------- d-----w- C:\11TWMenu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-11-12 05:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2011-12-30 15:22 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-18 01:20 . 2011-09-13 11:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 04:09 . 2011-12-13 04:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-13 04:09 . 2011-12-13 04:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-24 04:52 . 2011-12-14 11:49 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-27 09:32 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{297ED13B-D01C-4A59-973D-225FCC03C474}\mpengine.dll
2011-11-19 14:58 . 2012-01-11 10:51 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 10:51 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-13 12:28 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-13 12:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-13 12:28 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 10:52 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-13 12:28 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-13 12:28 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-13 12:28 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-13 12:28 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-13 12:28 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-13 12:28 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-13 12:28 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 10:52 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-13 12:28 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-13 12:28 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-13 12:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-13 12:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_18.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 09:33 . 2012-02-13 21:50 64716 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 21:50 46870 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-13 21:50 17198 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-08-22 09:33 . 2012-02-13 21:50 64716 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 21:50 46870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-11 05:43 . 2012-02-13 21:50 17198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069146838-422871353-4151006262-1003_UserData.bin
+ 2009-11-12 19:32 . 2012-02-13 21:47 3710 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2009-11-12 19:32 . 2012-02-13 21:47 3710 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-13 21:48 . 2012-02-13 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-13 21:48 . 2012-02-13 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-07 18:53 . 2012-02-07 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-13 19:50 . 2012-02-13 13:31 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-13 19:50 . 2012-02-13 13:31 344064 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-02-13 21:47 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-07 18:52 396564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-13 19:50 . 2012-02-13 13:31 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-13 19:50 . 2012-02-13 13:31 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-13 19:50 . 2012-02-07 18:06 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-04 03:56 . 2012-02-07 18:21 1342420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-12288.dat
+ 2011-08-04 03:56 . 2012-02-13 02:13 1342420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-12288.dat
+ 2009-07-14 04:54 . 2012-02-13 13:31 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 13:31 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-07 18:06 13975552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-14 12:59 . 2012-02-13 21:47 14608952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3069146838-422871353-4151006262-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-28 1130504]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-13 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 03:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 492032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\9vcuxjvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-02-13 17:03:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 22:03
ComboFix2.txt 2012-02-13 03:18
ComboFix3.txt 2012-02-13 02:41
ComboFix4.txt 2012-02-13 02:19
ComboFix5.txt 2012-02-13 21:31
.
Pre-Run: 91,409,170,432 bytes free
Post-Run: 91,446,300,672 bytes free
.
- - End Of File - - 4A4DF79DE529A36F3D09F5A5E0A75AAB
 
You probably ran the script be didn't leave the new log.

Question: there are many entries that appear to be work-related. Possibly business at home? Tax related? But also entries indicating office work such as Market Samurai which uses a "keyword analysis tool to learn your competitors weaknesses.".
2012-02-02 13:11 -------- d-----w- c:\program files (x86)\Market Samurai

The following are 'old' by date and both Active X objects:
2003-05-19 10:07 366592 ----a-w- c:\windows\SysWow64\ADTaxViewX.ocx: >>This is an Active X Object. There is no safe site or English site on the internet to identify the process.

2007-01-22 04:30 848168 ----a-w- c:\windows\SysWow64\wodTelnetDLX.ocx:>> This also is an Activex Object, part of WeOnlyDo! wodTelnetDLX ActiveX Control
Please read the following regarding the WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods
Vulnerability Note VU#378604 from Cert

Both of the above can be risks and should be removed if not using or needed for work.

The following may belong to either a .com which is for Interior Design Software for Professionals-or- .net which may be related to "Global Capacity."
2012-01-28 16:48 -------- d-----w- c:\windows\SysWow64\20-20 Technologies
I don't want to remove work software, but I do need to know what I'm leaving!
-------------------------------------
If you could let me know about these, I will either ignore them or include them in the script for removal.
 
Is this your work computer? Are you in an office? Do you have an IT person available?

If you have old programs you no longer use, please uninstall them. Then use Windows Explorer to access Computer> Local Drive (C)> Programs. Find folder for each program you uninstalled and do a right click> Delete.

When you do scans, the more processes, the longer the scans.

Reboot when finished.
 
I used to run a tax business. This is now my back up computer that I made the mistake of letting someone use. I've deleted the obsolete programs.
 
Please reboot the computer, update and scan with Combofix again to reflect these removals.
 
Back