Solved Two nights ago my computer got the System Check Virus

rcmeyer99

I saw on here that a few others have gotten this virus also. The only things I have done are run Malwarebytes and SuperAntiSpyware.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

Protection: Enabled

1/2/2012 3:38:55 PM
mbam-log-2012-01-02 (15-38-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 28063
Time elapsed: 8 minute(s), 25 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2012 at 05:27 PM

Application Version : 5.0.1142

Core Rules Database Version : 8091
Trace Rules Database Version: 5903

Scan type : Quick Scan
Total Scan Time : 00:01:58

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 29596
Registry threats detected : 0
File items scanned : 5031
File threats detected : 46

Adware.Tracking Cookie
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\295WHODL.txt [ /xml.happytofind.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\ZM1VK6JD.txt [ /doubleclick.net ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\TROE1G7G.txt [ /ru4.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\JNO37AX4.txt [ /247realmedia.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\GV1EV7HE.txt [ /sysufind.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\G385MUFC.txt [ /advertising.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\F3BZCYA1.txt [ /fastclick.net ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\BWF7LX0E.txt [ /adlegend.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\ICZ2T8BJ.txt [ /r1-ads.ace.advertising.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\DRQ9Y10Z.txt [ /stat.onestat.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\G17H4RMQ.txt [ /realmedia.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\PIUB24VB.txt [ /mediaplex.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\UOGVRCUF.txt [ /at.atwola.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\4T865CY6.txt [ /apmebf.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\28D35OXA.txt [ /ad.yieldmanager.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\UOUX987Y.txt [ /specificclick.net ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\DAC1EHWK.txt [ /tacoda.at.atwola.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\TX3GWO4U.txt [ /atdmt.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\LH0SBLVU.txt [ /findedclik.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\FJ47AW3Z.txt [ /adxpose.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\VZH8XOWE.txt [ /collective-media.net ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\VPAE1U43.txt [ /invitemedia.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\3YFM4XTR.txt [ /yieldmanager.net ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\ZI1S9APQ.txt [ /miva.cinomedia.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\A33N69D3.txt [ /media6degrees.com ]
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\3YM33DFR.txt [ /network.realmedia.com ]
C:\USERS\NICOLE\Cookies\295WHODL.txt [ Cookie:nicole@xml.happytofind.com/ ]
C:\USERS\NICOLE\Cookies\ZM1VK6JD.txt [ Cookie:nicole@doubleclick.net/ ]
C:\USERS\NICOLE\Cookies\TROE1G7G.txt [ Cookie:nicole@ru4.com/ ]
C:\USERS\NICOLE\Cookies\GV1EV7HE.txt [ Cookie:nicole@sysufind.com/ ]
C:\USERS\NICOLE\Cookies\BWF7LX0E.txt [ Cookie:nicole@adlegend.com/ ]
C:\USERS\NICOLE\Cookies\ICZ2T8BJ.txt [ Cookie:nicole@r1-ads.ace.advertising.com/ ]
C:\USERS\NICOLE\Cookies\DRQ9Y10Z.txt [ Cookie:nicole@stat.onestat.com/ ]
C:\USERS\NICOLE\Cookies\G17H4RMQ.txt [ Cookie:nicole@realmedia.com/ ]
C:\USERS\NICOLE\Cookies\PIUB24VB.txt [ Cookie:nicole@mediaplex.com/ ]
C:\USERS\NICOLE\Cookies\28D35OXA.txt [ Cookie:nicole@ad.yieldmanager.com/ ]
C:\USERS\NICOLE\Cookies\DAC1EHWK.txt [ Cookie:nicole@tacoda.at.atwola.com/ ]
C:\USERS\NICOLE\Cookies\TX3GWO4U.txt [ Cookie:nicole@atdmt.com/ ]
C:\USERS\NICOLE\Cookies\LH0SBLVU.txt [ Cookie:nicole@findedclik.com/ ]
C:\USERS\NICOLE\Cookies\FJ47AW3Z.txt [ Cookie:nicole@adxpose.com/ ]
C:\USERS\NICOLE\Cookies\VZH8XOWE.txt [ Cookie:nicole@collective-media.net/ ]
C:\USERS\NICOLE\Cookies\VPAE1U43.txt [ Cookie:nicole@invitemedia.com/ ]
C:\USERS\NICOLE\Cookies\3YFM4XTR.txt [ Cookie:nicole@yieldmanager.net/ ]
C:\USERS\NICOLE\Cookies\ZI1S9APQ.txt [ Cookie:nicole@miva.cinomedia.com/ ]
C:\USERS\NICOLE\Cookies\A33N69D3.txt [ Cookie:nicole@media6degrees.com/ ]
C:\USERS\NICOLE\Cookies\3YM33DFR.txt [ Cookie:nicole@network.realmedia.com/ ]

----------

I also saw in a previous post to run unhide to try and get files back. I have run this in both normal and safe modes. Nothing happened when I ran it.
 
Realized I didn't send the original Malware log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

Protection: Enabled

1/2/2012 2:48:30 PM
mbam-log-2012-01-02 (14-19-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177851
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gyjAEPulVY.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\gyjAEPulVY.exe -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
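The "Registry Data Items Detected" block above is the interesting part of this log: two PUM entries (settings the rogue changed to hide Start menu items) and one Run-key entry pointing at a random-named executable in C:\ProgramData, which is the actual persistence. The parser below is an added example, not code from this thread or from Malwarebytes; it assumes the 1.60-era log layout shown in the post (a "<Section> Detected: N" header followed by one "<location> (<family>) -> <details> -> <action>" line per item) and uses the three detection lines from the post as its sample input.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the detection section copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gyjAEPulVY.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\gyjAEPulVY.exe -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)
"""

# "<Section name> Detected: <count>" opens a section of the report.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<location> (<family>) -> <details> -> <action>" is one detected item.
ENTRY_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<details>.+?) -> (?P<action>.+)$"
)


@dataclass
class Detection:
    section: str
    location: str
    family: str
    details: str
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detected item in the log, tagged with the section it came from."""
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section is not None:
            detections.append(Detection(section, **entry.groupdict()))
    return detections


def triage(detections: List[Detection]) -> Dict[str, List[str]]:
    """Separate real persistence from cosmetic setting changes and list anything not quarantined."""
    report: Dict[str, List[str]] = {"persistence": [], "setting_changes": [], "unresolved": []}
    for d in detections:
        loc = d.location.lower()
        if "\\currentversion\\run|" in loc or "\\currentversion\\runonce|" in loc:
            # Autostart entry: the "Data:" field carries the path of the launched payload.
            payload = d.details[len("Data: "):] if d.details.startswith("Data: ") else d.details
            report["persistence"].append(payload)
        elif d.family.startswith("PUM."):
            # PUM = potentially unwanted modification: a changed setting, not the dropper itself.
            report["setting_changes"].append(d.location.split("|", 1)[-1])
        if not d.action.startswith("Quarantined"):
            report["unresolved"].append(d.location)
    return report


if __name__ == "__main__":
    for key, items in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {items}")
```

Run against the full log, the output tells you at a glance what was an autostart payload (here the random-named executable in C:\ProgramData that the log labels Rogue.FakeHDD) versus what was merely a hidden Start menu setting; anything in "unresolved" is a detection the tool reported but did not quarantine and still needs attention.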
 
Still need help

I believe I was successful in partially removing the System Check virus, but I think some of it is still there. I still have hidden files, my desktop is black, and when I try to use any search engine I get redirected to different sites all the time.
 
aswMBR log

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-03 19:12:39
-----------------------------
19:12:39.696 OS Version: Windows x64 6.0.6002 Service Pack 2
19:12:39.697 Number of processors: 4 586 0x170A
19:12:39.697 ComputerName: NICOLE-PC UserName: Nicole
19:12:41.902 Initialize success
19:12:42.008 AVAST engine defs: 12010301
19:12:49.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:12:49.655 Disk 0 Vendor: ST375063 DE13 Size: 715404MB BusType: 3
19:12:49.665 Disk 0 MBR read successfully
19:12:49.668 Disk 0 MBR scan
19:12:49.672 Disk 0 Windows VISTA default MBR code
19:12:49.675 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
19:12:49.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
19:12:49.701 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699980 MB offset 31586304
19:12:49.706 Service scanning
19:12:50.965 Modules scanning
19:12:50.969 Disk 0 trace - called modules:
19:12:51.005 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007ed0334]<<
19:12:51.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b67790]
19:12:51.016 3 CLASSPNP.SYS[fffffa60009c0c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800638d050]
19:12:51.022 \Driver\iaStorV[0xfffffa8005841ae0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007ed0334
19:12:54.396 AVAST engine scan C:\Windows
19:12:57.681 AVAST engine scan C:\Windows\system32
19:15:00.187 AVAST engine scan C:\Windows\system32\drivers
19:15:20.718 AVAST engine scan C:\Users\Nicole
19:15:44.764 File: C:\Users\Nicole\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
19:16:58.766 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Documents\MBR.dat"
19:16:58.774 The log file has been saved successfully to "C:\Users\Nicole\Documents\aswMBR.txt"
 
gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 18:26:25
Windows 6.0.6002 Service Pack 2
Running: 4i9b70yh.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@haikbfdjheonepap 0x6B 0x61 0x6E 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}@iacklbokghlgbnjplp 0x6A 0x61 0x6F 0x70 ...

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix

I ran Combofix, but before I could get a log, Avast popped on and interrupted after restarting, before I was able to stop Avast again.
 
Avast gives you an option to disable it permanently.
Do so, re-run Combofix, and re-enable Avast.
 
Finally got it

ComboFix 12-01-03.08 - Nicole 01/04/2012 4:04.5.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4047 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 10:40 . 2012-01-04 10:52 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-01-04 10:40 . 2012-01-04 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 09:05 . 2012-01-04 09:05 -------- d-----w- C:\f57976069260d26b1cae261f45ca
2012-01-04 08:23 . 2012-01-04 08:23 -------- d-----w- C:\6c3d4801ac2b96a6b866387472
2012-01-04 06:12 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-04 06:12 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-04 06:12 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-04 06:12 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-04 06:12 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-04 06:12 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-04 06:11 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-04 06:11 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-03 20:23 . 2012-01-03 20:23 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 18:10 . 2012-01-03 18:10 -------- d-----w- C:\eb99211563fb9e909585b8ec
2012-01-02 22:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-02 22:30 . 2012-01-04 06:11 -------- d-----w- c:\programdata\AVAST Software
2012-01-02 22:30 . 2012-01-02 22:30 -------- d-----w- c:\program files\AVAST Software
2012-01-02 20:27 . 2012-01-02 20:27 -------- d-----w- C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-02 05:45 . 2012-01-02 23:55 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 05:45 . 2012-01-02 05:45 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 05:44 . 2012-01-02 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-02 05:44 . 2012-01-02 05:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-02 04:47 . 2012-01-02 04:47 -------- d-----w- C:\a8bdd53a4f3715258e
2012-01-02 03:29 . 2012-01-02 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 03:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 21:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:48 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 21:48 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 21:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 21:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 21:48 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-14 04:13 . 2011-12-14 04:14 -------- d-----w- c:\users\Nicole\AppData\Roaming\Apple Computer
2011-12-14 04:13 . 2011-12-14 04:13 -------- d-----w- c:\users\Nicole\AppData\Local\Apple Computer
2011-12-14 04:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 04:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-14 04:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-14 04:12 . 2012-01-02 23:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\program files\iPod
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files\iTunes
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\programdata\Apple Computer
2011-12-14 04:10 . 2011-12-14 04:10 -------- d-----w- c:\users\Nicole\AppData\Local\Apple
2011-12-14 04:09 . 2011-12-14 04:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Common Files\Apple
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Bonjour
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-14 04:06 . 2011-12-14 04:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-14 04:06 . 2011-12-14 04:09 -------- d-----w- c:\programdata\Apple
2011-12-11 14:36 . 2011-12-11 14:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 10:49 . 2012-01-04 08:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\offreg.dll
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 20:23 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 08:21 . 2012-01-03 07:39 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\mpengine.dll
2011-11-15 20:29 . 2011-01-17 07:35 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-04_05.38.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-01-04 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 10:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-04 08:55 45626 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-04 10:51 71170 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-04 08:19 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-04 08:19 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-04 08:22 . 2012-01-04 08:22 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-17 09:02 . 2011-12-17 09:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-17 09:02 . 2011-12-17 09:02 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-01-04 08:23 . 2012-01-04 08:23 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 09:03 . 2010-09-23 09:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2010-09-23 08:52 . 2010-09-23 08:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-23 00:12 . 2010-09-23 00:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-01-04 10:13 . 2012-01-04 10:13 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\45904e3cf3a3043ade103996f8a89a5b\System.Web.DynamicData.Design.ni.dll
+ 2011-01-17 04:22 . 2012-01-04 10:51 8828 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1475235829-1360834442-158596274-1000_UserData.bin
- 2012-01-04 05:36 . 2012-01-04 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-04 05:36 . 2012-01-04 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-01-04 07:52 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-04 04:28 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-04 04:28 118872 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-04 07:52 118872 c:\windows\system32\perfc009.dat
+ 2011-04-16 08:26 . 2012-01-04 08:52 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-16 08:26 . 2012-01-04 05:35 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-04 08:19 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-04 08:09 . 2012-01-04 08:09 488448 c:\windows\Installer\175833.msi
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-23 00:10 . 2010-09-23 00:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-09-11 00:17 . 2010-09-11 00:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 02:41 . 2010-09-23 02:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-23 00:04 . 2010-09-23 00:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-23 01:39 . 2010-09-23 01:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2010-09-23 00:50 . 2010-09-23 00:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2012-01-04 10:13 . 2012-01-04 10:13 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe
+ 2012-01-04 10:31 . 2012-01-04 10:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1d3da9468a4b3eaf6e2ea9def503d888\System.Web.Routing.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\dba78af9f778d38117fe4ccf5f4c76f7\System.Web.Extensions.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\fcd6fda81cab3ace8b9d77887a01e892\System.Web.Entity.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\337de84cce8fc2bcbbf7900132abbc2f\System.Web.Entity.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d8313ac5d702f0ffc0e77ea9d945cfd2\System.Web.DynamicData.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\0de7bfc89e883f66f872c1158e06d5cb\System.Web.Abstractions.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c60afe58108cefe6b558996f0d9a1c11\System.Data.Entity.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\050c7465e7222cdab000294af3131403\ServiceModelReg.ni.exe
+ 2012-01-04 08:19 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\1ffe6.msp
+ 2011-12-13 07:10 . 2011-12-13 07:10 4703232 c:\windows\Installer\1ffe5.msp
+ 2011-12-25 11:48 . 2011-12-25 11:48 1505792 c:\windows\Installer\17583b.msp
+ 2010-09-23 00:05 . 2010-09-23 00:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-09-16 09:08 . 2010-09-16 09:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2010-06-19 23:51 . 2010-06-19 23:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 06:14 . 2011-08-03 06:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-01-04 10:13 . 2012-01-04 10:13 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll
+ 2012-01-04 08:27 . 2012-01-04 08:27 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll
+ 2012-01-04 08:27 . 2012-01-04 08:27 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll
+ 2012-01-04 08:26 . 2012-01-04 08:26 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll
+ 2012-01-04 10:10 . 2012-01-04 10:10 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\32a67054a82cf24c011e116e94d11864\System.WorkflowServices.ni.dll
+ 2012-01-04 08:25 . 2012-01-04 08:25 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\8bfc3619e3848592a4924cba58a00459\System.Workflow.Runtime.ni.dll
+ 2012-01-04 08:25 . 2012-01-04 08:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\3721ccdfdca60443a32ca9f8a937f315\System.Workflow.ComponentModel.ni.dll
+ 2012-01-04 08:24 . 2012-01-04 08:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\79e0fe6c014999d64e7cf9717624013f\System.Workflow.Activities.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\800af0d5c4bcd9b600a229050b22d6bd\System.Web.Mobile.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c759aa20f1f012c1dc5dd7076d0816f7\System.Web.Extensions.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\3c93a9b25482a56053eb509a58860dbf\System.ServiceModel.Web.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d75b561b3c22f68af985785352660022\System.Data.Services.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6e0b0d4d67c760e1e2f6cfd7cd6a8492\MIGUIControls.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3732b9e409000beda05e878d02da1813\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb28192d6fcdca44077406c2bf1ad37c\Microsoft.MediaCenter.UI.ni.dll
- 2011-01-20 09:04 . 2011-01-20 09:04 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-04 08:11 . 2012-01-04 08:11 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-11-02 12:33 . 2012-01-04 08:10 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 12:33 . 2012-01-02 06:28 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:35 . 2012-01-04 08:12 54867776 c:\windows\system32\mrt.exe
+ 2011-04-16 08:26 . 2012-01-04 08:52 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
- 2011-04-16 08:26 . 2012-01-04 05:35 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\bb6e7.msp
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\bb6e0.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\1ffe8.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\1ffe7.msp
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\175875.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 38176256 c:\windows\Installer\175873.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 37148160 c:\windows\Installer\175857.msp
+ 2010-09-23 09:03 . 2010-09-23 09:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
- 2012-01-02 21:25 . 2012-01-02 21:25 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2012-01-04 10:47 . 2012-01-04 10:47 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2012-01-04 10:10 . 2012-01-04 10:11 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFB8E.tmp\System.Web.dll
+ 2012-01-04 10:11 . 2012-01-04 10:12 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll
+ 2012-01-04 08:26 . 2012-01-04 08:26 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
+ 2012-01-04 08:23 . 2012-01-04 08:23 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\30a87086e78b69d17416bfb74aab355f\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\17.0.963.12\chrome_frame_helper.exe" [2011-12-15 97336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-02 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTE1MjE5NzEwOC1GTDEwKzEtVFVHKzMtU1VQKzQtRERUKzMzMjEtU1AxUzQrMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzE&prod=55&ver=10.0.1416" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-23 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\3x9vtm12.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30305&client_id=1868eed49cc815d83f5c97b8&camp_id=3534&install_time=2012-01-02T06:15Z&pr=auto&tb_version=1.0.14000(G)&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1475235829-1360834442-158596274-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}*]
"haikbfdjheonepap"=hex:6b,61,6e,70,62,63,6a,6b,61,6d,63,6b,6a,67,6a,69,68,6c,
6d,63,61,6e,00,00
"iacklbokghlgbnjplp"=hex:6a,61,6f,70,63,63,61,65,66,69,68,6e,6c,61,6c,6d,6a,61,
68,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-01-04 05:29:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 11:29
.
Pre-Run: 408,256,532,480 bytes free
Post-Run: 410,406,588,416 bytes free
.
- - End Of File - - 41A99943E5636D3F5895242BE29055C5
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RegNull::
[HKEY_USERS\S-1-5-21-1475235829-1360834442-158596274-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}*]

Folder::
c:\program files (x86)\Common Files\AVG Secure Search

Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
latest combofix

Did as you said, but would it matter if the combofix updated?
ComboFix 12-01-04.02 - Nicole 01/04/2012 11:56:01.6.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4127 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\users\Nicole\Desktop\CFScript.lnk
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 18:34 . 2012-01-04 18:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\offreg.dll
2012-01-04 18:31 . 2012-01-04 18:40 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-01-04 18:31 . 2012-01-04 18:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-04 18:31 . 2012-01-04 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 09:05 . 2012-01-04 09:05 -------- d-----w- C:\f57976069260d26b1cae261f45ca
2012-01-04 08:23 . 2012-01-04 08:23 -------- d-----w- C:\6c3d4801ac2b96a6b866387472
2012-01-04 06:12 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-04 06:12 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-04 06:12 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-04 06:12 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-04 06:12 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-04 06:12 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-04 06:11 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-04 06:11 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-03 20:23 . 2012-01-03 20:23 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 18:10 . 2012-01-03 18:10 -------- d-----w- C:\eb99211563fb9e909585b8ec
2012-01-03 07:39 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\mpengine.dll
2012-01-02 22:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-02 22:30 . 2012-01-04 06:11 -------- d-----w- c:\programdata\AVAST Software
2012-01-02 22:30 . 2012-01-02 22:30 -------- d-----w- c:\program files\AVAST Software
2012-01-02 20:27 . 2012-01-02 20:27 -------- d-----w- C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-02 05:45 . 2012-01-02 23:55 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 05:45 . 2012-01-02 05:45 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 05:44 . 2012-01-02 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-02 05:44 . 2012-01-02 05:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-02 04:47 . 2012-01-02 04:47 -------- d-----w- C:\a8bdd53a4f3715258e
2012-01-02 03:29 . 2012-01-02 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 03:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 21:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:48 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 21:48 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 21:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 21:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 21:48 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-14 04:13 . 2011-12-14 04:14 -------- d-----w- c:\users\Nicole\AppData\Roaming\Apple Computer
2011-12-14 04:13 . 2011-12-14 04:13 -------- d-----w- c:\users\Nicole\AppData\Local\Apple Computer
2011-12-14 04:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 04:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-14 04:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-14 04:12 . 2012-01-02 23:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\program files\iPod
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files\iTunes
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\programdata\Apple Computer
2011-12-14 04:10 . 2011-12-14 04:10 -------- d-----w- c:\users\Nicole\AppData\Local\Apple
2011-12-14 04:09 . 2011-12-14 04:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Common Files\Apple
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Bonjour
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-14 04:06 . 2011-12-14 04:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-14 04:06 . 2011-12-14 04:09 -------- d-----w- c:\programdata\Apple
2011-12-11 14:36 . 2011-12-11 14:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 20:23 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 20:29 . 2011-01-17 07:35 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-04_10.53.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-01-04 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-04 18:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-04 18:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-04 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 18:35 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-04 10:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-04 18:38 45970 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-04 18:38 71392 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-17 04:22 . 2012-01-04 18:38 8892 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1475235829-1360834442-158596274-1000_UserData.bin
- 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 18:34 . 2012-01-04 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 18:34 . 2012-01-04 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-16 08:26 . 2012-01-04 18:33 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-16 08:26 . 2012-01-04 08:52 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-16 08:26 . 2012-01-04 18:33 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
- 2011-04-16 08:26 . 2012-01-04 08:52 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
- 2012-01-04 10:47 . 2012-01-04 10:47 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2012-01-04 18:33 . 2012-01-04 18:33 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\17.0.963.12\chrome_frame_helper.exe" [2011-12-15 97336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-02 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTE1MjE5NzEwOC1GTDEwKzEtVFVHKzMtU1VQKzQtRERUKzMzMjEtU1AxUzQrMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzE&prod=55&ver=10.0.1416" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-23 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\3x9vtm12.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30305&client_id=1868eed49cc815d83f5c97b8&camp_id=3534&install_time=2012-01-02T06:15Z&pr=auto&tb_version=1.0.14000(G)&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1475235829-1360834442-158596274-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}*]
"haikbfdjheonepap"=hex:6b,61,6e,70,62,63,6a,6b,61,6d,63,6b,6a,67,6a,69,68,6c,
6d,63,61,6e,00,00
"iacklbokghlgbnjplp"=hex:6a,61,6f,70,63,63,61,65,66,69,68,6e,6c,61,6c,6d,6a,61,
68,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-01-04 13:12:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 19:12
ComboFix2.txt 2012-01-04 11:29
.
Pre-Run: 410,243,457,024 bytes free
Post-Run: 410,218,098,688 bytes free
.
- - End Of File - - 9D73229ACBE45AB391A31B44F4A4472F
 
Here is what you asked for

ComboFix 12-01-04.02 - Nicole 01/04/2012 15:12:18.7.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4211 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\users\Nicole\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 21:51 . 2012-01-04 21:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\offreg.dll
2012-01-04 21:49 . 2012-01-04 21:53 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-01-04 21:49 . 2012-01-04 21:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-04 21:49 . 2012-01-04 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 09:05 . 2012-01-04 09:05 -------- d-----w- C:\f57976069260d26b1cae261f45ca
2012-01-04 08:23 . 2012-01-04 08:23 -------- d-----w- C:\6c3d4801ac2b96a6b866387472
2012-01-04 06:12 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-04 06:12 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-04 06:12 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-04 06:12 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-04 06:12 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-04 06:12 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-04 06:11 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-04 06:11 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-03 20:23 . 2012-01-03 20:23 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 18:10 . 2012-01-03 18:10 -------- d-----w- C:\eb99211563fb9e909585b8ec
2012-01-03 07:39 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\mpengine.dll
2012-01-02 22:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-02 22:30 . 2012-01-04 06:11 -------- d-----w- c:\programdata\AVAST Software
2012-01-02 22:30 . 2012-01-02 22:30 -------- d-----w- c:\program files\AVAST Software
2012-01-02 20:27 . 2012-01-02 20:27 -------- d-----w- C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-02 05:45 . 2012-01-02 23:55 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 05:45 . 2012-01-02 05:45 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 05:44 . 2012-01-02 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-02 05:44 . 2012-01-02 05:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-02 04:47 . 2012-01-02 04:47 -------- d-----w- C:\a8bdd53a4f3715258e
2012-01-02 03:29 . 2012-01-02 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 03:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 21:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:48 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 21:48 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 21:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 21:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 21:48 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-14 04:13 . 2011-12-14 04:14 -------- d-----w- c:\users\Nicole\AppData\Roaming\Apple Computer
2011-12-14 04:13 . 2011-12-14 04:13 -------- d-----w- c:\users\Nicole\AppData\Local\Apple Computer
2011-12-14 04:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 04:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-14 04:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-14 04:12 . 2012-01-02 23:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\program files\iPod
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files\iTunes
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\programdata\Apple Computer
2011-12-14 04:10 . 2011-12-14 04:10 -------- d-----w- c:\users\Nicole\AppData\Local\Apple
2011-12-14 04:09 . 2011-12-14 04:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Common Files\Apple
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Bonjour
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-14 04:06 . 2011-12-14 04:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-14 04:06 . 2011-12-14 04:09 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 20:23 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 20:29 . 2011-01-17 07:35 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-04_10.53.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-01-04 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-04 21:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-04 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 21:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-04 10:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 21:54 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-04 21:53 46050 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-04 21:53 71480 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-17 04:22 . 2012-01-04 21:53 8916 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1475235829-1360834442-158596274-1000_UserData.bin
+ 2012-01-04 21:51 . 2012-01-04 21:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 21:51 . 2012-01-04 21:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-16 08:26 . 2012-01-04 21:50 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-16 08:26 . 2012-01-04 08:52 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-16 08:26 . 2012-01-04 21:50 50211476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
+ 2012-01-04 20:37 . 2012-01-04 20:37 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
- 2012-01-04 10:47 . 2012-01-04 10:47 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\17.0.963.12\chrome_frame_helper.exe" [2011-12-15 97336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-02 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-23 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\3x9vtm12.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30305&client_id=1868eed49cc815d83f5c97b8&camp_id=3534&install_time=2012-01-02T06:15Z&pr=auto&tb_version=1.0.14000(G)&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-01-04 16:27:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 22:27
ComboFix2.txt 2012-01-04 19:12
ComboFix3.txt 2012-01-04 11:29
.
Pre-Run: 410,313,568,256 bytes free
Post-Run: 410,559,840,256 bytes free
.
- - End Of File - - 751B9E030DDAEE2087756377CD7A34D6
 
Finally have hidden files back

I finally have my hidden files back, but I am still getting the redirect if I try to use any search engines.
 
Redirects

I tried Google Chrome, Internet Explorer and Firefox. All three were redirected when I typed in techspot, then clicked on your site.
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Sorry

Didn't work the first couple times



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3f00000

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
FRST.txt log

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by Nicole at 2012-01-04 21:41:23
Running from C:\Users\Nicole\Desktop
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-04 21:40 - 2012-01-04 21:40 - 1378579 ____A C:\Users\Nicole\Desktop\FRST64.exe
2012-01-04 18:17 - 2012-01-04 18:17 - 0000727 ____A C:\Users\Nicole\Desktop\bootkittext.txt
2012-01-04 18:06 - 2012-01-04 18:06 - 0044607 ____A C:\Users\Nicole\Desktop\bootkit_remover (1).zip
2012-01-04 18:03 - 2012-01-04 18:03 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 17:53 - 2012-01-04 18:17 - 0061420 ____A C:\Users\Nicole\Desktop\bootkit_remover_debug_log.txt
2012-01-04 17:53 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\Nicole\Desktop\boot_cleaner.exe
2012-01-04 16:28 - 2012-01-04 16:28 - 0020800 ____A C:\ComboFix.txt
2012-01-04 14:58 - 2012-01-04 16:28 - 0000000 ____D C:\ComboFix
2012-01-04 03:05 - 2012-01-04 03:05 - 0000000 ____D C:\f57976069260d26b1cae261f45ca
2012-01-04 02:47 - 2012-01-04 02:48 - 0001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-04 02:23 - 2012-01-04 02:23 - 0000000 ____D C:\6c3d4801ac2b96a6b866387472
2012-01-04 00:12 - 2012-01-04 00:12 - 0361210 ____A C:\Users\Nicole\AppData\Local\dd_vcredistMSI6778.txt
2012-01-04 00:12 - 2012-01-04 00:12 - 0011378 ____A C:\Users\Nicole\AppData\Local\dd_vcredistUI6778.txt
2012-01-04 00:12 - 2012-01-04 00:12 - 0001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-01-04 00:12 - 2011-11-28 11:54 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-01-04 00:12 - 2011-11-28 11:53 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-01-04 00:12 - 2011-11-28 11:52 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-01-04 00:12 - 2011-11-28 11:52 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-01-04 00:12 - 2011-11-28 11:52 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-01-04 00:12 - 2011-11-28 11:51 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-01-04 00:11 - 2011-11-28 12:01 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-01-04 00:11 - 2011-11-28 12:01 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-01-04 00:01 - 2012-01-04 00:01 - 0684297 ____A C:\Users\Nicole\Desktop\unhide(5).exe
2012-01-03 20:00 - 2011-06-26 00:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-03 20:00 - 2010-11-07 11:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-03 20:00 - 2009-04-19 22:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-03 20:00 - 2000-08-30 18:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-03 20:00 - 2000-08-30 18:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-03 20:00 - 2000-08-30 18:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-03 20:00 - 2000-08-30 18:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-03 20:00 - 2000-08-30 18:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-03 19:59 - 2012-01-03 23:47 - 0000000 ____D C:\Windows\ERDNT
2012-01-03 19:57 - 2012-01-04 16:28 - 0000000 ____D C:\Qoobox
2012-01-03 19:51 - 2012-01-04 11:40 - 4369970 ____R (Swearware) C:\Users\Nicole\Desktop\ComboFix.exe
2012-01-03 19:16 - 2012-01-03 19:16 - 0002012 ____A C:\Users\Nicole\Documents\aswMBR.txt
2012-01-03 19:16 - 2012-01-03 19:16 - 0000512 ____A C:\Users\Nicole\Documents\MBR.dat
2012-01-03 19:11 - 2012-01-03 19:11 - 4704768 ____A (AVAST Software) C:\Users\Nicole\Desktop\aswMBR.exe
2012-01-03 16:59 - 2012-01-03 19:25 - 0607260 ____A (Swearware) C:\Users\Nicole\Desktop\dds.scr
2012-01-03 16:26 - 2012-01-03 19:22 - 0000666 ____A C:\Users\Nicole\Documents\GMER.log
2012-01-03 14:23 - 2012-01-03 14:23 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-03 14:14 - 2012-01-03 14:14 - 0302592 ____A C:\Users\Nicole\Desktop\4i9b70yh.exe
2012-01-03 13:42 - 2012-01-03 13:42 - 0000296 ____A C:\Windows\System32\spsys.log
2012-01-03 12:10 - 2012-01-03 12:10 - 0000000 ____D C:\eb99211563fb9e909585b8ec
2012-01-02 17:22 - 2012-01-02 17:22 - 0009216 ____A C:\Users\Nicole\Documents\techspot.wps
2012-01-02 16:32 - 2012-01-04 00:12 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-01-02 16:32 - 2011-11-28 12:01 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-01-02 16:31 - 2012-01-02 16:32 - 10319556 ____A C:\Users\Nicole\AppData\Local\dd_vcredistMSI388D.txt
2012-01-02 16:31 - 2012-01-02 16:32 - 0011410 ____A C:\Users\Nicole\AppData\Local\dd_vcredistUI388D.txt
2012-01-02 16:30 - 2012-01-04 00:11 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-01-02 16:30 - 2012-01-04 00:11 - 0000000 ____D C:\ProgramData\AVAST Software
2012-01-02 16:30 - 2012-01-02 16:30 - 0000000 ____D C:\Program Files\AVAST Software
2012-01-02 14:27 - 2012-01-02 14:27 - 0000000 ____D C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-01 23:45 - 2012-01-04 15:45 - 0000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
2012-01-01 23:45 - 2012-01-04 02:00 - 0000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
2012-01-01 23:45 - 2012-01-02 17:55 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-01-01 23:45 - 2012-01-02 17:55 - 0000000 ____D C:\ProgramData\Lavasoft
2012-01-01 23:45 - 2012-01-01 23:45 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 23:44 - 2012-01-02 14:15 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-01 23:44 - 2012-01-01 23:44 - 0001758 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-01-01 23:44 - 2012-01-01 23:44 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-01 23:44 - 2012-01-01 23:44 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-01 23:30 - 2012-01-01 23:30 - 0000000 ____D C:\Users\Nicole\Documents\WinUnhide-1
2012-01-01 22:47 - 2012-01-01 22:47 - 0000000 ____D C:\a8bdd53a4f3715258e
2012-01-01 21:29 - 2012-01-01 21:30 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-01 21:29 - 2012-01-01 21:29 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-01 21:29 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\Malwarebytes
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-30 17:42 - 2012-01-01 21:00 - 0000680 ____A C:\Users\Nicole\AppData\Local\d3d9caps.dat
2011-12-30 17:33 - 2012-01-03 13:41 - 0488716 ____A C:\Windows\ntbtlog.txt
2011-12-28 19:55 - 2011-12-28 20:04 - 0000000 ____D C:\Users\Nicole\Desktop\Christmas 2011
2011-12-28 18:04 - 2011-12-28 18:04 - 0002553 ____A C:\Users\Nicole\Desktop\AutoCAD 2012 - English.lnk
2011-12-26 02:06 - 2011-12-28 00:44 - 0028160 ____A C:\Users\Nicole\Documents\appetizers.wps
2011-12-22 14:08 - 2011-12-22 15:12 - 0068258 ____A C:\Users\Nicole\Documents\belt buckle.dwg
2011-12-22 13:56 - 2011-12-22 13:56 - 0002087 ____A C:\Users\Nicole\Desktop\Revit Architecture 2012.lnk
2011-12-22 13:56 - 2011-12-22 13:56 - 0002066 ____A C:\Users\Nicole\Desktop\Revit Structure 2012.lnk
2011-12-16 03:01 - 2011-11-03 20:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 03:01 - 2011-11-03 19:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 03:01 - 2011-11-03 19:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-16 03:01 - 2011-11-03 19:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 03:01 - 2011-11-03 19:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-16 03:01 - 2011-11-03 19:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 03:01 - 2011-11-03 19:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 03:01 - 2011-11-03 19:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 03:01 - 2011-11-03 19:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-16 03:01 - 2011-11-03 19:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 03:01 - 2011-11-03 19:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 03:01 - 2011-11-03 19:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-16 03:01 - 2011-11-03 19:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 03:01 - 2011-11-03 17:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-16 03:01 - 2011-11-03 16:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-16 03:01 - 2011-11-03 16:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-16 03:01 - 2011-11-03 16:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-16 03:01 - 2011-11-03 16:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 03:01 - 2011-11-03 16:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 03:01 - 2011-11-03 16:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-16 03:01 - 2011-11-03 16:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-16 03:01 - 2011-11-03 16:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-16 03:01 - 2011-11-03 16:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-16 03:01 - 2011-11-03 16:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-16 03:01 - 2011-11-03 16:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-16 03:01 - 2011-11-03 16:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 15:48 - 2011-11-23 07:57 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-15 15:48 - 2011-11-08 08:58 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-15 15:48 - 2011-11-08 08:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-12-15 15:48 - 2011-10-25 10:09 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-15 15:48 - 2011-10-14 11:30 - 0559616 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-15 15:48 - 2011-10-14 10:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-12-13 22:13 - 2012-01-01 22:27 - 0000000 ____D C:\Users\Nicole\Desktop\iTunes
2011-12-13 22:13 - 2011-12-13 22:14 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer
2011-12-13 22:13 - 2011-12-13 22:13 - 0001714 ____A C:\Users\Nicole\Desktop\iTunes.lnk
2011-12-13 22:13 - 2011-12-13 22:13 - 0000000 ____D C:\Users\Nicole\AppData\Local\Apple Computer
2011-12-13 22:12 - 2009-05-18 13:17 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2011-12-13 22:12 - 2008-04-17 12:12 - 0126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2011-12-13 22:12 - 2008-04-17 12:12 - 0107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2011-12-13 22:11 - 2011-12-13 22:12 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-13 22:11 - 2011-12-13 22:12 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-13 22:11 - 2011-12-13 22:12 - 0000000 ____D C:\Program Files\iTunes
2011-12-13 22:11 - 2011-12-13 22:12 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\ProgramData\Apple Computer
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\Program Files\iPod
2011-12-13 22:10 - 2011-12-13 22:10 - 0000000 ____D C:\Users\Nicole\AppData\Local\Apple
2011-12-13 22:09 - 2011-12-13 22:09 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files\Bonjour
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-12-13 22:06 - 2011-12-13 22:09 - 0000000 ____D C:\Users\All Users\Apple
2011-12-13 22:06 - 2011-12-13 22:09 - 0000000 ____D C:\ProgramData\Apple
2011-12-12 00:35 - 2011-12-12 00:36 - 0145969 ____A C:\Users\Nicole\Desktop\attitude.jpg


============ 3 Months Modified Files and Folders =============

2012-01-04 21:41 - 2012-01-04 21:41 - 0000000 ____D C:\FRST
2012-01-04 21:40 - 2012-01-04 21:40 - 1378579 ____A C:\Users\Nicole\Desktop\FRST64.exe
2012-01-04 21:09 - 2011-04-27 14:39 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-04 21:09 - 2011-04-27 14:39 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-04 21:08 - 2011-07-16 09:48 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
2012-01-04 21:08 - 2011-07-16 09:48 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
2012-01-04 19:51 - 2006-11-02 09:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-04 19:51 - 2006-11-02 09:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-04 18:45 - 2011-01-28 19:09 - 0000000 ____D C:\Users\Nicole\AppData\Local\Microsoft Games
2012-01-04 18:17 - 2012-01-04 18:17 - 0000727 ____A C:\Users\Nicole\Desktop\bootkittext.txt
2012-01-04 18:17 - 2012-01-04 17:53 - 0061420 ____A C:\Users\Nicole\Desktop\bootkit_remover_debug_log.txt
2012-01-04 18:06 - 2012-01-04 18:06 - 0044607 ____A C:\Users\Nicole\Desktop\bootkit_remover (1).zip
2012-01-04 18:03 - 2012-01-04 18:03 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 16:28 - 2012-01-04 16:28 - 0020800 ____A C:\ComboFix.txt
2012-01-04 16:28 - 2012-01-04 14:58 - 0000000 ____D C:\ComboFix
2012-01-04 16:28 - 2012-01-03 19:57 - 0000000 ____D C:\Qoobox
2012-01-04 16:21 - 2008-01-20 19:53 - 1431319 ____A C:\Windows\WindowsUpdate.log
2012-01-04 15:54 - 2006-11-02 06:34 - 0000215 ____A C:\Windows\system.ini
2012-01-04 15:53 - 2006-11-02 06:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-04 15:51 - 2008-01-20 21:26 - 0022468 ____A C:\Windows\PFRO.log
2012-01-04 15:51 - 2006-11-02 09:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-04 15:50 - 2006-11-02 09:42 - 0029684 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-04 15:45 - 2012-01-01 23:45 - 0000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
2012-01-04 11:40 - 2012-01-03 19:51 - 4369970 ____R (Swearware) C:\Users\Nicole\Desktop\ComboFix.exe
2012-01-04 11:26 - 2011-09-22 18:22 - 0002027 ____A C:\Users\Nicole\Desktop\Google Chrome.lnk
2012-01-04 05:30 - 2006-11-02 07:33 - 0000000 ___RD C:\users\Public
2012-01-04 05:30 - 2006-11-02 07:33 - 0000000 ___RD C:\users\Default
2012-01-04 04:50 - 2011-01-16 18:55 - 0001460 ____A C:\Users\Nicole\AppData\Local\d3d9caps64.dat
2012-01-04 03:05 - 2012-01-04 03:05 - 0000000 ____D C:\f57976069260d26b1cae261f45ca
2012-01-04 02:49 - 2011-03-11 23:03 - 0000000 ____D C:\Users\Nicole\Desktop\I myself and me
2012-01-04 02:48 - 2012-01-04 02:47 - 0001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-04 02:23 - 2012-01-04 02:23 - 0000000 ____D C:\6c3d4801ac2b96a6b866387472
2012-01-04 02:15 - 2011-04-30 10:26 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-04 02:15 - 2011-04-30 10:26 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-04 02:12 - 2006-11-02 06:35 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-04 02:00 - 2012-01-01 23:45 - 0000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
2012-01-04 01:52 - 2006-11-02 06:46 - 0756338 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-04 00:12 - 2012-01-04 00:12 - 0361210 ____A C:\Users\Nicole\AppData\Local\dd_vcredistMSI6778.txt
2012-01-04 00:12 - 2012-01-04 00:12 - 0011378 ____A C:\Users\Nicole\AppData\Local\dd_vcredistUI6778.txt
2012-01-04 00:12 - 2012-01-04 00:12 - 0001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-01-04 00:12 - 2012-01-02 16:32 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-01-04 00:11 - 2012-01-02 16:30 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-01-04 00:11 - 2012-01-02 16:30 - 0000000 ____D C:\ProgramData\AVAST Software
2012-01-04 00:01 - 2012-01-04 00:01 - 0684297 ____A C:\Users\Nicole\Desktop\unhide(5).exe
2012-01-03 23:47 - 2012-01-03 19:59 - 0000000 ____D C:\Windows\ERDNT
2012-01-03 19:25 - 2012-01-03 16:59 - 0607260 ____A (Swearware) C:\Users\Nicole\Desktop\dds.scr
2012-01-03 19:22 - 2012-01-03 16:26 - 0000666 ____A C:\Users\Nicole\Documents\GMER.log
2012-01-03 19:16 - 2012-01-03 19:16 - 0002012 ____A C:\Users\Nicole\Documents\aswMBR.txt
2012-01-03 19:16 - 2012-01-03 19:16 - 0000512 ____A C:\Users\Nicole\Documents\MBR.dat
2012-01-03 19:11 - 2012-01-03 19:11 - 4704768 ____A (AVAST Software) C:\Users\Nicole\Desktop\aswMBR.exe
2012-01-03 16:53 - 2011-01-22 22:56 - 0019266 ____A C:\Users\Nicole\AppData\Roaming\wklnhst.dat
2012-01-03 14:23 - 2012-01-03 14:23 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-03 14:23 - 2011-07-14 09:45 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-03 14:14 - 2012-01-03 14:14 - 0302592 ____A C:\Users\Nicole\Desktop\4i9b70yh.exe
2012-01-03 13:42 - 2012-01-03 13:42 - 0000296 ____A C:\Windows\System32\spsys.log
2012-01-03 13:41 - 2011-12-30 17:33 - 0488716 ____A C:\Windows\ntbtlog.txt
2012-01-03 12:10 - 2012-01-03 12:10 - 0000000 ____D C:\eb99211563fb9e909585b8ec
2012-01-02 17:55 - 2012-01-01 23:45 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-01-02 17:55 - 2012-01-01 23:45 - 0000000 ____D C:\ProgramData\Lavasoft
2012-01-02 17:22 - 2012-01-02 17:22 - 0009216 ____A C:\Users\Nicole\Documents\techspot.wps
2012-01-02 16:32 - 2012-01-02 16:31 - 10319556 ____A C:\Users\Nicole\AppData\Local\dd_vcredistMSI388D.txt
2012-01-02 16:32 - 2012-01-02 16:31 - 0011410 ____A C:\Users\Nicole\AppData\Local\dd_vcredistUI388D.txt
2012-01-02 16:30 - 2012-01-02 16:30 - 0000000 ____D C:\Program Files\AVAST Software
2012-01-02 15:36 - 2011-01-16 18:56 - 0000000 ____D C:\Users\Nicole\AppData\LocalLow
2012-01-02 14:27 - 2012-01-02 14:27 - 0000000 ____D C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-02 14:19 - 2011-10-03 15:26 - 0000000 ____D C:\Users\Nicole\AppData\Local\Conduit
2012-01-02 14:15 - 2012-01-01 23:44 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-02 00:13 - 2011-01-22 22:55 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-01-02 00:07 - 2006-11-02 07:33 - 0000000 ____D C:\Windows\Resources
2012-01-01 23:45 - 2012-01-01 23:45 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 23:44 - 2012-01-01 23:44 - 0001758 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-01-01 23:44 - 2012-01-01 23:44 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-01 23:44 - 2012-01-01 23:44 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-01 23:30 - 2012-01-01 23:30 - 0000000 ____D C:\Users\Nicole\Documents\WinUnhide-1
2012-01-01 22:47 - 2012-01-01 22:47 - 0000000 ____D C:\a8bdd53a4f3715258e
2012-01-01 22:27 - 2011-12-13 22:13 - 0000000 ____D C:\Users\Nicole\Desktop\iTunes
2012-01-01 22:17 - 2011-01-17 03:35 - 0000000 ____D C:\Users\All Users\AVG10
2012-01-01 22:17 - 2011-01-17 03:35 - 0000000 ____D C:\ProgramData\AVG10
2012-01-01 22:12 - 2011-01-16 19:01 - 0000000 ____D C:\Users\All Users\MFAData
2012-01-01 22:12 - 2011-01-16 19:01 - 0000000 ____D C:\ProgramData\MFAData
2012-01-01 22:07 - 2011-04-29 15:03 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-01-01 22:07 - 2011-04-29 14:55 - 0000000 ____D C:\Users\All Users\Autodesk
2012-01-01 22:07 - 2011-04-29 14:55 - 0000000 ____D C:\ProgramData\Autodesk
2012-01-01 22:05 - 2011-04-29 14:57 - 0751252 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-01 21:47 - 2011-01-17 03:35 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-01-01 21:30 - 2012-01-01 21:29 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-01 21:29 - 2012-01-01 21:29 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\Malwarebytes
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-01 21:24 - 2012-01-01 21:24 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-01 21:00 - 2011-12-30 17:42 - 0000680 ____A C:\Users\Nicole\AppData\Local\d3d9caps.dat
2011-12-28 20:04 - 2011-12-28 19:55 - 0000000 ____D C:\Users\Nicole\Desktop\Christmas 2011
2011-12-28 18:04 - 2011-12-28 18:04 - 0002553 ____A C:\Users\Nicole\Desktop\AutoCAD 2012 - English.lnk
2011-12-28 00:44 - 2011-12-26 02:06 - 0028160 ____A C:\Users\Nicole\Documents\appetizers.wps
2011-12-24 02:43 - 2011-09-05 21:09 - 0000000 ____D C:\Users\Nicole\Desktop\Elissa and Dave' B Party
2011-12-24 02:43 - 2011-08-29 21:36 - 0000000 ____D C:\Users\Nicole\Desktop\Christine D A
2011-12-22 15:22 - 2011-08-18 15:47 - 0000503 ____A C:\Users\Nicole\Documents\plot.log
2011-12-22 15:21 - 2011-04-29 15:32 - 0000000 ____D C:\Users\Nicole\AppData\Local\cache
2011-12-22 15:12 - 2011-12-22 14:08 - 0068258 ____A C:\Users\Nicole\Documents\belt buckle.dwg
2011-12-22 13:56 - 2011-12-22 13:56 - 0002087 ____A C:\Users\Nicole\Desktop\Revit Architecture 2012.lnk
2011-12-22 13:56 - 2011-12-22 13:56 - 0002066 ____A C:\Users\Nicole\Desktop\Revit Structure 2012.lnk
2011-12-21 19:46 - 2011-12-03 16:26 - 0000000 ____D C:\Users\Nicole\Desktop\Makayla, Christine, Josh, Randy and Christmas
2011-12-21 02:48 - 2011-04-24 15:04 - 0000000 ___RD C:\Users\Nicole\Desktop\Misc..Outside, makayla, Trenton, Garden and various
2011-12-18 14:51 - 2011-12-03 16:25 - 0010752 ____A C:\Users\Nicole\Documents\Randy's Medical.wps
2011-12-16 19:41 - 2006-11-02 07:33 - 0000000 ____D C:\Windows\rescache
2011-12-16 19:24 - 2006-11-02 09:21 - 0356672 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 18:53 - 2011-01-17 12:47 - 0037376 ____A C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-14 11:53 - 2006-11-02 09:27 - 0043358 ____A C:\Windows\setupact.log
2011-12-13 22:14 - 2011-12-13 22:13 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer
2011-12-13 22:13 - 2011-12-13 22:13 - 0001714 ____A C:\Users\Nicole\Desktop\iTunes.lnk
2011-12-13 22:13 - 2011-12-13 22:13 - 0000000 ____D C:\Users\Nicole\AppData\Local\Apple Computer
2011-12-13 22:12 - 2011-12-13 22:11 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-13 22:12 - 2011-12-13 22:11 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-13 22:12 - 2011-12-13 22:11 - 0000000 ____D C:\Program Files\iTunes
2011-12-13 22:12 - 2011-12-13 22:11 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\ProgramData\Apple Computer
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\Program Files\iPod
2011-12-13 22:10 - 2011-12-13 22:10 - 0000000 ____D C:\Users\Nicole\AppData\Local\Apple
2011-12-13 22:09 - 2011-12-13 22:09 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-12-13 22:09 - 2011-12-13 22:06 - 0000000 ____D C:\Users\All Users\Apple
2011-12-13 22:09 - 2011-12-13 22:06 - 0000000 ____D C:\ProgramData\Apple
2011-12-13 22:09 - 2011-01-16 18:55 - 0000000 ____D C:\users\Nicole
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files\Bonjour
2011-12-13 22:07 - 2011-12-13 22:07 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-12-12 00:36 - 2011-12-12 00:35 - 0145969 ____A C:\Users\Nicole\Desktop\attitude.jpg
2011-12-10 15:24 - 2012-01-01 21:29 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-01 22:09 - 2011-12-01 01:25 - 0000000 ____D C:\Users\Nicole\Desktop\OCT NOV 2011
2011-11-28 12:01 - 2012-01-04 00:11 - 0199816 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2011-11-28 12:01 - 2012-01-04 00:11 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2011-11-28 12:01 - 2012-01-02 16:32 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-11-28 11:54 - 2012-01-04 00:12 - 0591192 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2011-11-28 11:53 - 2012-01-04 00:12 - 0304472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2011-11-28 11:52 - 2012-01-04 00:12 - 0066904 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2011-11-28 11:52 - 2012-01-04 00:12 - 0058712 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2011-11-28 11:52 - 2012-01-04 00:12 - 0042328 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2011-11-28 11:51 - 2012-01-04 00:12 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2011-11-23 07:57 - 2011-12-15 15:48 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-20 02:41 - 2011-11-20 01:08 - 0000000 ____D C:\Users\Nicole\AppData\Roaming\mIRC
2011-11-20 01:08 - 2011-11-20 01:08 - 0000000 ____D C:\Program Files (x86)\mIRC
2011-11-19 15:57 - 2011-11-19 15:57 - 0000000 ____D C:\Users\Nicole\AppData\Local\DigiPara
2011-11-19 15:57 - 2011-11-19 15:53 - 0000000 ____D C:\Users\All Users\DigiPara
2011-11-19 15:57 - 2011-11-19 15:53 - 0000000 ____D C:\ProgramData\DigiPara
2011-11-19 15:53 - 2011-11-19 15:53 - 0000000 ____D C:\Program Files (x86)\DigiPara
2011-11-17 20:28 - 2011-11-17 20:28 - 0000000 ____D C:\Users\Nicole\AppData\Local\Downloaded Installations
2011-11-15 14:29 - 2011-01-17 01:35 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-11-10 03:02 - 2006-11-02 07:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-08 08:58 - 2011-12-15 15:48 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-08 08:42 - 2011-12-15 15:48 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-03 20:38 - 2011-12-16 03:01 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 19:59 - 2011-12-16 03:01 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 19:53 - 2011-12-16 03:01 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 19:46 - 2011-12-16 03:01 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 19:44 - 2011-12-16 03:01 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 19:44 - 2011-12-16 03:01 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 19:43 - 2011-12-16 03:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 19:41 - 2011-12-16 03:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 19:39 - 2011-12-16 03:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 19:36 - 2011-12-16 03:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 19:35 - 2011-12-16 03:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 19:34 - 2011-12-16 03:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 19:30 - 2011-12-16 03:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 17:02 - 2011-12-16 03:01 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 16:47 - 2011-12-16 03:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-03 16:46 - 2011-12-16 03:01 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 16:40 - 2011-12-16 03:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 16:40 - 2011-12-16 03:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 16:39 - 2011-12-16 03:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 16:38 - 2011-12-16 03:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 16:37 - 2011-12-16 03:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 16:34 - 2011-12-16 03:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-03 16:32 - 2011-12-16 03:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 16:32 - 2011-12-16 03:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 16:31 - 2011-12-16 03:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 16:28 - 2011-12-16 03:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-29 11:25 - 2011-03-30 20:49 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-25 10:09 - 2011-12-15 15:48 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-19 13:42 - 2011-10-19 13:42 - 0000000 ____D C:\Program Files\Interplay Sports
2011-10-16 15:53 - 2011-10-16 15:53 - 0000000 ____D C:\Program Files (x86)\LG Electronics
2011-10-16 15:53 - 2011-10-16 15:53 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2011-10-14 11:30 - 2011-12-15 15:48 - 0559616 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-14 10:02 - 2011-12-15 15:48 - 0429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-10-12 02:32 - 2011-10-03 14:45 - 0000000 ____D C:\Users\Nicole\AppData\Local\OpenCandy
2011-10-12 02:30 - 2006-11-02 07:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-10-12 02:30 - 2006-11-02 07:33 - 0000000 ___RD C:\Windows\Offline Web Pages
2011-10-12 02:30 - 2006-11-02 07:33 - 0000000 ____D C:\Windows\PolicyDefinitions

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 6077.03 MB
Available physical RAM: 3866.65 MB
Total Pagefile: 12343.11 MB
Available Pagefile: 10126.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:380.84 GB) NTFS ==>[Drive with boot components]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.71 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       699 GB      0 B
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B

Partitions of Disk 0:

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 63 MB    32 KB
Partition 2    Primary             15 GB    63 MB
Partition 3    Primary            684 GB    15 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   D   RECOVERY     NTFS   Partition     15 GB  Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   OS           NTFS   Partition    684 GB  Healthy    System

==========================================================

Last Boot: 2012-01-04 16:04

======================= End Of Log ==========================
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.