[Close] Removed Trojan.FakeAlert but still having problems

lesterw · Jan 8, 2012

On the 5th while I was browsing the internet (Not sure what site as I had several windows open - was searching for a wordpress theme) a pdf opened up and I got a lot of fake errors about windows.

I rebooted and ran mbam in safe mode and here is the log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8322

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

05/01/2012 08:19:56
mbam-log-2012-01-05 (08-19-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 695275
Time elapsed: 1 hour(s), 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FiqVFmUcesohLm.exe (Trojan.FakeAlert) -> Value: FiqVFmUcesohLm.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\fiqvfmucesohlm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28\6110149c-62685924 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I then ran unhide.exe to restore my start menu (read about that on another board).

However my internet is still pretty slow especially using firefox and every so often I get a popup window telling me I am a winner or I can take one of the last free trials (not related to the site I'm on). Also sometimes when I do a Google search and click on a link, I get redirected to a different site.

I have tried running Avast Antirootkit, but it won't start even in safe mode.

Here is the mbam log from today:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: DEFAULT [administrator]

08/01/2012 12:20:57
mbam-log-2012-01-08 (12-20-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200328
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and the GMER (note that most of the check boxes were greyed out (even in safe mode) I could only run it with Services, Registry and Files ticked:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 12:56:51
Windows 6.1.7600
Running: xc37gd9f.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60111e7
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x1D 0x63 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x9E 0x31 0x2E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x18 0x2B 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60111e7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x1D 0x63 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x9E 0x31 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x18 0x2B 0xE2 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7IDN32Y3.txt 0 bytes
File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\570FKOVV.txt 67 bytes

---- EOF - GMER 1.0.15 ----

Also when ever I restart the laptop, mbam stops working when I click the link I get an error about a missing mbam .sys file and I have to reinstall

Hope you can help.

Bobbye · Jan 8, 2012

Welcome to TechSpot! I'll help with the malware, but will start off with 2 cautions:

1. Do not follow instructions given to someone on another thread. Although we may have you run some of the same programs, we review the logs and give the user specific information for their problem. That includes the scan that are run, the order they are run in and any paticulars for that user only.

2. Please do not run any scans or cleaning programs while I am helping you except for those I instruct you to run.
=========================================
I am not sure whether you are working from our thread so here it is:

Please follow the steps in the Preliminary Virus and Malware Removal thread HEREhttps://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

You do not mention running DDS. Please refer to the link in the thread> it will produce 2 logs. Programs are to be run in Normal Mode unless told otherwise.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
====================================
Please disable Avast Antirootkit,
==================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe

& follow the prompts.
If prompted for Recovery Console, please allow.
Once installed, you should see a blue screen prompt that says:
- The Recovery Console was successfully installed.[/b]
- Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
- Note: No query will be made if the Recovery Console is already on the system.
.Close/disable all anti virus and anti malware programs
(If you need help with this, please see HERE)
.Close any open browsers.
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

Open the ESETOnlineScan
Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer
Open Eset Smart Installer
[o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
[o] Double click on the desktop icon to run.
[o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
Continue with the directions.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==========================================
You do not need to rerun GMER or MAlwarebytes again at this time. Please leave logs for DDS (2), Combofix and Eset in your next reply.
==========================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
Read my instructions carefully. If you don't understand or have a problem, ask me.
If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
Follow the order of the tasks I give you. Order is crucial in cleaning process.
File sharing programs should be uninstalled or disabled during the cleaning process..
Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.
Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

lesterw · Jan 9, 2012

Thanks for agreeing to help me.

DDS logs:

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 21:02:48 on 2012-01-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4021.1920 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 69.147.249.24:49331
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [PC Suite Tray] "D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VTP] C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe watcher
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [BigPondWirelessBroadbandCM] "D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - D:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - G:\Program Files\WinZip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: rbworld.lv\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} - hxxps://www.rbworld.lv/MSSignData.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\254514130343636575D2646314642464 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\77C616E6D21607 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE8AD5A7-6272-40C3-ADF9-DED29FFD5448} : DhcpNameServer = 61.9.133.193 61.9.195.193
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [VTP] C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe watcher
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun-x64: [BigPondWirelessBroadbandCM] "D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62gtt5dw.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-29 14904]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-9-2 308080]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-29 2314240]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 652872]
S2 OracleDBConsoledove02;OracleDBConsoledove02;D:\app\Administrator\product\11.2.0\dbhome_1\BIN\nmesrvc.exe [2010-8-18 49152]
S2 OracleJobSchedulerDOVE02;OracleJobSchedulerDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 [?]
S2 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;D:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY

:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> D:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY

:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;D:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR --> D:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR [?]
S2 OracleServiceDOVE02;OracleServiceDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 [?]
S2 OracleVssWriterDOVE02;Oracle DOVE02 VSS Writer Service;d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 [?]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\system32\DRIVERS\swiwdmbusx64.sys --> C:\Windows\system32\DRIVERS\swiwdmbusx64.sys [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2009-12-29 44312]
S4 VodafoneConnectorService;Vodafone Connector Service;C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [2008-12-1 233472]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-08 12:09:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\offreg.dll
2012-01-08 03:21:09 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-01-07 23:54:16 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-07 23:37:47 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-07 15:19:11 -------- d--h--w- C:\ProgramData\Common Files
2012-01-07 15:15:29 -------- d-----w- C:\ProgramData\AVG2012
2012-01-07 14:56:59 -------- d-----w- C:\ProgramData\MFAData
2012-01-07 01:42:13 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
2012-01-06 13:31:05 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-06 13:01:49 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 07:55:01 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\mpengine.dll
2012-01-05 19:50:49 -------- d-s---w- C:\ComboFix
2012-01-05 19:46:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-27 00:18:03 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Affilorama
2011-12-15 11:04:06 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 11:04:01 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-15 11:04:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-15 11:02:24 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 11:02:23 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 11:02:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 11:02:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 11:02:20 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2012-01-07 22:02:53 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-12-15 11:29:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 22:50:00 6534 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 21:11:45.32 ===============

lesterw · Jan 9, 2012

DDS attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/02/2010 08:42:44
System Uptime: 08/01/2012 20:50:29 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N61Jq
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 51.142 GiB free.
D: is FIXED (NTFS) - 432 GiB total, 367.2 GiB free.
E: is Removable
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP386: 05/01/2012 19:52:32 - ComboFix created restore point
RP387: 06/01/2012 07:54:34 - Windows Update
RP388: 06/01/2012 12:44:02 - Removed AGT Pro - Betfair
RP389: 06/01/2012 13:01:42 - Installed HiJackThis
RP390: 07/01/2012 15:07:37 - Installed AVG 2012
RP391: 07/01/2012 15:11:38 - Installed AVG 2012
RP392: 07/01/2012 23:06:14 - Removed AVG 2012
RP393: 07/01/2012 23:10:46 - Removed AVG 2012
RP394: 07/01/2012 23:35:56 - Installed Ad-Aware
RP395: 07/01/2012 23:37:22 - Installed Ad-Aware
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)
2007 Microsoft Office system
Acrobat.com
Action Replay Code Manager
Activation Assistant for the 2007 Microsoft Office suites
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3.1 MUI
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alcor Micro USB Card Reader
Alice Greenfingers
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS_N_Series_Screensaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
AutoCashAndroid Platinum
AviSynth 2.5
AVStoDVD 2.3.0
BettorsBot
Bing Bar
Camtasia Studio 6
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders v1.30
Choice Guard
ControlDeck
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink Power2Go
CyberLink PowerDVD 9
DPG 3.0
Dream Day Wedding Married in Manhattan
e-Record 6
ESET Online Scanner v3
Express Gate
FileZilla Client 3.3.3
FLV Player 2.0 (build 25)
Game Park Console
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.452
GoWin!The Football Forecaster Deluxe Edition 2011
Hama Double Action Air Grip
HiJackThis
Horse Racing Crazy Bot
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
ImageMixer 3 SE Ver.3
ImgBurn
Impact PopUp 1.0
Intel(R) Management Engine Components
Island Wars 2
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 18
Junk Mail filter update
LMT Internet
Malwarebytes Anti-Malware version 1.60.0.1800
Marble Blast Gold Demo (remove only)
MarketFeeder Pro 6.4.1
MarketFeederPro 6.5.0.23
Meridian Software
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Access MUI (Chinese (Simplified)) 2007
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access MUI (Thai) 2007
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Help ¸üÐÂ (KB963678)
Microsoft Office Excel 2007 Help ©ºÑºÍÑ¾à´· (KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2007 Help ¸üÐÂ (KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Outlook MUI (Thai) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office Powerpoint 2007 Help ¸üÐÂ (KB963669)
Microsoft Office Powerpoint 2007 Help ©ºÑºÍÑ¾à´· (KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Publisher MUI (Thai) 2007
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help ¸üÐÂ (KB963665)
Microsoft Office Word 2007 Help ©ºÑºÍÑ¾à´· (KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Moyea Flash Video MX Pro Version: 5.0.16.932
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NEC Electronics USB 3.0 Host Controller Driver
Nokia Connectivity Cable Driver
Nokia PC Suite
OpenOffice.org 3.2
Oracle Data Provider for .NET Help
PC Connectivity Solution
PDF Settings
Peltarion Synapse
Piggly
PL/SQL Developer
Playinator 3 Professional
QuickTime
RapidMiner 5
Realtek High Definition Audio Driver
S3 Ripper 2.0
Safari
Safebet Investment Plan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Simpo PDF to Word 2.0.1.0
Skype™ 5.5
Smileyville
Solid MP4 Video Converter 3.8.5
SONIC HEROES
SONIC HEROES TRIAL
Swarm 3.0
Swarm Spawn 1.0.0
Telstra Mobile Broadband Manager
TextPad 5
The Staking Machine V2.0
TheBestSpinner
Traffic Travis 4.1.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update or Uninstall SENukeX
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.0.5
Vodafone Mobile Connect Smartplug
Vodafone Mobile Connect via the phone
Web CEO 8.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
WinRAR archiver
Wireless Console 3
Yahoo! Messenger
Yahoo!7 Messenger
YouTube Downloader 2.7.4
.
==== Event Viewer Messages From Past Week ========
.
08/01/2012 21:02:36, Error: Service Control Manager [7034] - The OracleDBConsoledove02 service terminated unexpectedly. It has done this 1 time(s).
08/01/2012 20:59:16, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
08/01/2012 20:54:39, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
08/01/2012 20:54:39, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
08/01/2012 13:20:45, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
08/01/2012 11:53:43, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08/01/2012 11:50:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/01/2012 11:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/01/2012 11:49:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08/01/2012 11:49:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:49, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/01/2012 11:49:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/01/2012 11:49:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
08/01/2012 11:49:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/01/2012 11:49:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/01/2012 11:49:23, Error: sptd [4] - Driver detected an internal error in its data structures for .
08/01/2012 08:13:00, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/01/2012 22:48:11, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
07/01/2012 22:04:18, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
07/01/2012 21:59:19, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/01/2012 21:59:15, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/01/2012 21:59:15, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/01/2012 21:59:10, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/01/2012 15:46:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
07/01/2012 15:44:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
07/01/2012 15:44:59, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:44:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
07/01/2012 15:44:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
07/01/2012 15:44:29, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:43:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiServiceHost service.
07/01/2012 15:43:59, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:43:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
07/01/2012 15:43:29, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:42:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
07/01/2012 15:42:59, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:42:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
07/01/2012 15:42:29, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:41:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ServiceLayer service to connect.
07/01/2012 15:41:58, Error: Service Control Manager [7000] - The ServiceLayer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/01/2012 15:36:40, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
06/01/2012 23:29:01, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
06/01/2012 07:43:07, Error: Service Control Manager [7023] - The OracleMTSRecoveryService service terminated with the following error: The wait operation timed out.
05/01/2012 11:31:32, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/01/2012 11:25:09, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/01/2012 08:29:48, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
05/01/2012 08:26:48, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
05/01/2012 08:24:48, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
05/01/2012 08:24:48, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05/01/2012 08:24:48, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05/01/2012 08:24:48, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
05/01/2012 08:23:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05/01/2012 08:23:32, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/01/2012 07:04:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
04/01/2012 05:29:28, Error: Service Control Manager [7034] - The OracleOraDb11g_home1TNSListener service terminated unexpectedly. It has done this 1 time(s).
04/01/2012 05:29:00, Error: Service Control Manager [7034] - The Oracle DOVE02 VSS Writer Service service terminated unexpectedly. It has done this 1 time(s).
04/01/2012 05:28:56, Error: Service Control Manager [7034] - The OracleOraDb11g_home1ClrAgent service terminated unexpectedly. It has done this 1 time(s).
04/01/2012 05:28:53, Error: Service Control Manager [7034] - The OracleServiceDOVE02 service terminated unexpectedly. It has done this 1 time(s).
04/01/2012 04:41:52, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.1.1.4 with the system having network hardware address 00-24-01-EE-D1-0F. Network operations on this system may be disrupted as a result.
01/01/2012 04:37:49, Error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

lesterw · Jan 9, 2012

ComboFix log:

ComboFix 12-01-07.03 - Administrator 08/01/2012 21:35:17.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4021.2176 [GMT 0:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 22:16 . 2012-01-08 22:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\offreg.dll
2012-01-08 03:21 . 2012-01-08 03:21 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-07 23:54 . 2012-01-07 23:53 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-07 23:37 . 2011-12-23 07:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-07 23:37 . 2012-01-07 23:37 -------- d-----w- c:\programdata\Lavasoft
2012-01-07 15:19 . 2012-01-07 15:19 -------- d--h--w- c:\programdata\Common Files
2012-01-07 15:15 . 2012-01-07 23:14 -------- d-----w- c:\programdata\AVG2012
2012-01-07 14:56 . 2012-01-07 23:13 -------- d-----w- c:\programdata\MFAData
2012-01-07 01:42 . 2012-01-07 01:42 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2012-01-06 13:31 . 2012-01-06 13:31 -------- d-----w- c:\program files (x86)\ESET
2012-01-06 13:01 . 2012-01-06 13:01 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 07:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\mpengine.dll
2011-12-27 00:18 . 2011-12-27 00:18 -------- d-----w- c:\users\Administrator\AppData\Roaming\Affilorama
2011-12-15 11:29 . 2011-12-15 11:29 -------- d-----w- c:\windows\system32\Macromed
2011-12-15 11:04 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 11:04 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 11:04 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-15 11:02 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 11:02 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 11:02 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 11:02 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 11:02 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 22:02 . 2010-02-07 22:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-15 11:29 . 2011-05-31 12:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 20:10 . 2011-11-25 20:10 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-23 22:50 . 2010-06-03 23:10 6534 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-01-22 210192]
"PC Suite Tray"="d:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VTP"="c:\program files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe" [2008-12-01 204800]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
"BigPondWirelessBroadbandCM"="d:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.3.lnk - d:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2010-5-24 253952]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-12-29 156952]
WinZip Quick Pick.lnk - g:\program files\WinZip\WZQKPICK.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-07 2152152]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 BlackBox;BlackBox SR2; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R4 VodafoneConnectorService;Vodafone Connector Service;c:\program files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [2008-12-01 233472]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 OracleDBConsoledove02;OracleDBConsoledove02;d:\app\Administrator\product\11.2.0\dbhome_1\bin\nmesrvc.exe [2010-03-02 49152]
S2 OracleJobSchedulerDOVE02;OracleJobSchedulerDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 [x]
S2 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;d:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-02-28 38400]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]
S2 OracleServiceDOVE02;OracleServiceDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 [x]
S2 OracleVssWriterDOVE02;Oracle DOVE02 VSS Writer Service;d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-02 308080]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 08:15]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 08:15]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087994414-33227477-2167509355-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087994414-33227477-2167509355-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"combofix"="c:\combofix\CF23054.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigpond.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 69.147.249.24:49331
IE: Append to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rbworld.lv\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\254514130343636575D2646314642464: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\77C616E6D21607: DhcpNameServer = 192.168.1.254
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} - hxxps://www.rbworld.lv/MSSignData.cab
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62gtt5dw.default\
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="d:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:d:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]
"ImagePath"="d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,6a,1d,47,5b,09,f1,40,94,c4,60,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,6a,1d,47,5b,09,f1,40,94,c4,60,\
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\TextPad.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Excel.CSV"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="dat_auto_file"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.8"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htaccess\UserChoice]
@Denied: (2) (Administrator)
"Progid"="htaccess_auto_file"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\TextPad.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\TextPad.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\TextPad.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nns\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\TextPad.exe"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ORA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ORA_auto_file"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]
@Denied: (2) (Administrator)
"Progid"="php_auto_file"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TPM\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TPM_auto_file"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ttffile"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EXCEL.EXE"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe
d:\app\Administrator\product\11.2.0\dbhome_1\bin\omtsreco.exe
d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE
d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe
d:\app\Administrator\product\11.2.0\dbhome_1\bin\extproc.EXE
d:\app\Administrator\product\11.2.0\dbhome_1\perl\bin\perl.exe
d:\app\Administrator\product\11.2.0\dbhome_1\jdk\bin\java.exe
d:\app\Administrator\product\11.2.0\dbhome_1\bin\emagent.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-08 22:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 22:50
ComboFix2.txt 2012-01-05 11:53
.
Pre-Run: 54,815,404,032 bytes free
Post-Run: 54,529,019,904 bytes free
.
- - End Of File - - 10815BBA0697B9B6D148A66E8C99D0D2

No log from ESET: No Threats found.

More information on the mbam error I get on start up: mbamswissarmyknife,sys not found.

The problem of being redicrected to other sites from licks clicked in Google search is also present in Internet Explorer, but not in Chrome.

lesterw · Jan 10, 2012

OK, I think I have managed to fix it.

I tried various rootkit finders /fixers but they all wouldn't start (perhaps becuase I am running Windows 7 64 bit? Or maybe it was the virus)

Eventually I read about someone with the same problem - searches being redirected - and they suggested Kaspersky TDSSKiller

I downloaded and ran it and it found a rootkit in my Windows system32 folder. It fixed it and my laptop appears back to normal.

The mbam problem was fixed by running mbam-clean.exe from the mbam site and reinstalling.

So unless you think I need to run more checks, you can close this thread.

Bobbye · Jan 10, 2012

The subject of this thread is: Removed Trojan.FakeAlert but still having problems.

I cautioned you about following someone else's instructions.

This thread is closed.

[Close] Removed Trojan.FakeAlert but still having problems

lesterw

Bobbye

Posts: 16,313 +36

lesterw

lesterw

lesterw

lesterw

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts