Having some issues... very confused.

M199

New Member
Nvm.
Combo then Hijack.


ComboFix 11-07-06.03 - Amanda 07/06/2011 17:23:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4237 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.exe
c:\programdata\KBDCZ132.dll
c:\users\Amanda\11f5fe2a4b5bf2222732d4907dd8efeb.jpg
c:\users\Amanda\6a00d8341bfcfe53ef00e54f8f12648834-800wi.jpg
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\system32\service
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 21:41 . 2011-07-06 21:44 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-05 23:25 . 2011-07-05 23:25 -------- d-----w- c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
2011-07-05 23:11 . 2011-07-05 23:11 -------- d-----w- c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
2011-07-05 18:03 . 2011-07-05 18:03 -------- d-----w- c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
2011-07-04 15:51 . 2011-07-04 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
2011-07-04 03:33 . 2011-07-04 03:33 -------- d-----w- c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
2011-07-03 01:08 . 2011-07-03 01:09 -------- d-----w- c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
2011-07-02 05:12 . 2011-07-02 05:12 -------- d-----w- c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
2011-07-01 17:11 . 2011-07-01 17:12 -------- d-----w- c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
2011-07-01 05:11 . 2011-07-01 05:11 -------- d-----w- c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-30 17:11 . 2011-06-30 17:11 -------- d-----w- c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
2011-06-30 02:48 . 2011-06-30 02:49 -------- d-----w- c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-29 14:48 . 2011-06-29 14:48 -------- d-----w- c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
2011-06-28 20:10 . 2011-06-28 20:10 -------- d-----w- c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
2011-06-28 02:38 . 2011-06-28 02:39 -------- d-----w- c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 -------- d-----w- c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
2011-06-26 22:51 . 2011-06-26 22:51 -------- d-----w- c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
2011-06-25 14:40 . 2011-06-25 14:40 -------- d-----w- c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
2011-06-25 02:40 . 2011-06-25 02:40 -------- d-----w- c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
2011-06-24 04:14 . 2011-06-24 04:15 -------- d-----w- c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
2011-06-23 16:14 . 2011-06-23 16:14 -------- d-----w- c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
2011-06-22 16:47 . 2011-06-22 16:47 -------- d-----w- c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
2011-06-22 02:31 . 2011-06-22 02:31 -------- d-----w- c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
2011-06-21 14:31 . 2011-06-21 14:31 -------- d-----w- c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
2011-06-20 14:30 . 2011-06-20 14:30 -------- d-----w- c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
2011-06-20 02:29 . 2011-06-20 02:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
2011-06-19 14:29 . 2011-06-19 14:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
2011-06-18 19:51 . 2011-06-18 19:51 -------- d-----w- c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
2011-06-18 07:00 . 2011-06-18 07:00 -------- d-----w- c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
2011-06-17 18:21 . 2011-06-17 18:21 -------- d-----w- c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
2011-06-17 03:47 . 2011-06-17 03:47 -------- d-----w- c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
2011-06-16 15:46 . 2011-06-16 15:46 -------- d-----w- c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
2011-06-15 17:05 . 2011-06-15 17:06 -------- d-----w- c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 16:04 . 2011-06-14 16:04 -------- d-----w- c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
2011-06-14 04:03 . 2011-06-14 04:04 -------- d-----w- c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 16:03 . 2011-06-13 16:03 -------- d-----w- c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 04:03 . 2011-06-13 04:03 -------- d-----w- c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-12 16:02 . 2011-06-12 16:02 -------- d-----w- c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
2011-06-11 16:38 . 2011-06-11 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
2011-06-11 04:37 . 2011-06-11 04:38 -------- d-----w- c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
2011-06-10 16:37 . 2011-06-10 16:37 -------- d-----w- c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
2011-06-10 04:17 . 2011-06-10 04:18 -------- d-----w- c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
2011-06-09 16:17 . 2011-06-09 16:17 -------- d-----w- c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
2011-06-09 02:41 . 2011-06-09 02:41 -------- d-----w- c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
2011-06-08 14:41 . 2011-06-08 14:41 -------- d-----w- c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
2011-06-08 02:36 . 2011-06-08 02:36 -------- d-----w- c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 14:16 . 2011-06-07 14:17 -------- d-----w- c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59778
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
exefile="c:\windows\SysWOW64\config\systemprofile\AppData\Local\hcq.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{009A6416-669F-4147-8F1B-176A85CCE46a} - c:\windows\SysWow64\atiumdva32.dll
BHO-{010DBB78-2FED-4AED-A7E8-DC083989F51f} - c:\windows\SysWow64\atiumdva32.dll
BHO-{015113EC-A4E0-4FB1-9CE1-2140252DABE2} - c:\windows\SysWow64\atiumdva32.dll
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-e466e1645b951d29a0bcbe4576d3713d - c:\users\Amanda\DOWNLO~1\RI1FB0~1.EXE
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Gateway Photo Frame - c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Gateway Game Console - c:\program files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe
AddRemove-MAGIX Speed 2 UK - c:\program files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WT046831 - c:\program files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT046838 - c:\program files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT046859 - c:\program files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT046882 - c:\program files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe
AddRemove-WT046884 - c:\program files (x86)\Gateway Games\FATE\Uninstall.exe
AddRemove-WT046904 - c:\program files (x86)\Gateway Games\Polar Bowler\Uninstall.exe
AddRemove-WT046906 - c:\program files (x86)\Gateway Games\Polar Golfer\Uninstall.exe
AddRemove-WT046908 - c:\program files (x86)\Gateway Games\Polar Pool\Uninstall.exe
AddRemove-WT046910 - c:\program files (x86)\Gateway Games\The Price is Right\Uninstall.exe
AddRemove-WT046928 - c:\program files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT070562 - c:\program files (x86)\Gateway Games\Success Story\Uninstall.exe
AddRemove-WT071801 - c:\program files (x86)\Gateway Games\Zoo Vet\Uninstall.exe
AddRemove-WT072374 - c:\program files (x86)\Gateway Games\Burger Island\Uninstall.exe
AddRemove-WT072473 - c:\program files (x86)\Gateway Games\Chocolatier - Decadence by Design\Uninstall.exe
AddRemove-WT072477 - c:\program files (x86)\Gateway Games\Ciao Bella\Uninstall.exe
AddRemove-WT072769 - c:\program files (x86)\Gateway Games\Dress Shop Hop\Uninstall.exe
AddRemove-WT072823 - c:\program files (x86)\Gateway Games\Family Feud Hollywood Edition\Uninstall.exe
AddRemove-WT072848 - c:\program files (x86)\Gateway Games\Feeding Frenzy 2\Uninstall.exe
AddRemove-WT072867 - c:\program files (x86)\Gateway Games\FishCo\Uninstall.exe
AddRemove-WT072885 - c:\program files (x86)\Gateway Games\Fish Tycoon\Uninstall.exe
AddRemove-WT073317 - c:\program files (x86)\Gateway Games\Lemonade Tycoon 2\Uninstall.exe
AddRemove-WT074007 - c:\program files (x86)\Gateway Games\Stand O' Food\Uninstall.exe
AddRemove-WT074201 - c:\program files (x86)\Gateway Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT074261 - c:\program files (x86)\Gateway Games\Westward\Uninstall.exe
AddRemove-WT074344 - c:\program files (x86)\Gateway Games\Winemaker Extraordinaire\Uninstall.exe
AddRemove-WT075246 - c:\program files (x86)\Gateway Games\Jane's Zoo\Uninstall.exe
AddRemove-WT076382 - c:\program files (x86)\Gateway Games\3 Days - Zoo Mystery\Uninstall.exe
AddRemove-WT078827 - c:\program files (x86)\Gateway Games\Nanny 911\Uninstall.exe
AddRemove-WT079516 - c:\program files (x86)\Gateway Games\Deer Drive\Uninstall.exe
AddRemove-WT079573 - c:\program files (x86)\Gateway Games\MONOPOLY Build-a-lot Edition\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-07-06 17:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 21:50
.
Pre-Run: 397,411,774,464 bytes free
Post-Run: 400,064,819,200 bytes free
.
- - End Of File - - D882E408958C4C8116865FFB322E91B6


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:05 PM, on 7/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ModLedKey.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {010DBB78-2FED-4AED-A7E8-DC083989F51f} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {015113EC-A4E0-4FB1-9CE1-2140252DABE2} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Function Discovery Resource Publication (FDResPub32) - Unknown owner - c:\windows\system32\mfc7132.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 12258 bytes
 

johnb35

Administrator
Staff member
Ok, you will have to give me some time to post my next reply. If you have something to do, go ahead and do it and check back later. I need to get something to eat and maybe run an errand.

Before you go though, please navigate to c:\qoobox and in that folder will be a file named add-remove programs.txt. Please open that file and copy and paste the contents back here.
 

M199

New Member
Here you go

Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.5
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Aleks 3.12
Any Video Converter 2.7.6
Apple Application Support
Apple Software Update
Belkin Wireless USB Adapter Setup
CamStudio
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX120 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
D3DX10
DivX Plus Web Player
Firebird SQL Server - MAGIX Edition
Gateway Recovery Management
GIMP 2.6.9
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HopalustRdp
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Joydesk Games Setup - Arcade
KB0817 Keyboard Driver
MAGIX Music Maker 17 Download Version
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes' Anti-Malware version 1.51.0.1200
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
muvee Plugin 1.0
QuickTime
Realtek High Definition Audio Driver
RennerPro e2 v2.02j
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skins
Sony Media Manager 2.2
Sony Vegas 7.0b
Text-To-Speech-Runtime
The Weather Channel Desktop 6
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar



And thank you for your help so far. Greatly appreciated.
 

johnb35

Administrator
Staff member
A few things to do here.

1.

Please uninstall the following programs.

Java(TM) 6 Update 22
Java(TM) 6 Update 5

Then go here to install the latest version of Java.

http://www.java.com/en/download/index.jsp


2.

Rerun hijackthis and place checks next to the following entries.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {010DBB78-2FED-4AED-A7E8-DC083989F51f} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {015113EC-A4E0-4FB1-9CE1-2140252DABE2} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)

Then click on fix checked at the bottom.


3.

Please move the combofix file to your desktop screen so you can perform the following procedure.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Dirlook::
c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
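The entries johnb35 picked out above share a few log-level tells: a browser proxy pointed at the loopback address, nameless add-ons and buttons whose files are already gone, a SharedTaskScheduler entry with no file, and a Windows service name attached to a stray binary (FDResPub32 running mfc7132.exe). As an added example that is not part of the thread or of HijackThis, this Python script checks a HijackThis log for those patterns; the sample log is constructed from lines posted above, and the SVCHOST_HOSTED map is my own assumption, not a list from the tool. It does not cover the O4 startup entries.

```python
"""Triage a HijackThis 2.0.4 log for the patterns the helper in this thread
told the poster to fix.  Added example for this page, not HijackThis code;
the log lines below are copied from the thread into a constructed sample."""
import re
from dataclasses import dataclass

# Constructed sample: nine lines taken from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
O23 - Service: Function Discovery Resource Publication (FDResPub32) - Unknown owner - c:\windows\system32\mfc7132.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

# Display names of Windows services that run inside svchost.exe.  A service
# that borrows one of these names but launches its own binary is the pattern
# behind the FDResPub32 / mfc7132.exe entry.  Constructed for this example,
# not an exhaustive list.
SVCHOST_HOSTED = {"function discovery resource publication": "svchost.exe"}

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def _gone(text):
    return "(no file)" in text or "(file missing)" in text


def _check_service(body):
    # Layout: "Service: <display> [(short)] - <owner> - <path> [(file missing)]"
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, _owner, path = parts
    exe = path.replace("(file missing)", "").strip()
    exe = exe.replace("\\", "/").rsplit("/", 1)[-1].lower()
    key = re.sub(r"\s*\([^)]*\)$", "", display).strip().lower()
    if key in SVCHOST_HOSTED and exe != SVCHOST_HOSTED[key]:
        return "Windows service name reused for a non-svchost binary: " + exe
    # HijackThis 2.0.4 is a 32-bit program; under WoW64 its view of System32
    # is redirected, so native services there show "(file missing)" (Spooler,
    # lsass and friends above).  That is a tool artefact, not tampering.
    return None


def triage_line(line):
    """Return a Finding for one log line, or None if it looks benign."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "R1" and "ProxyServer" in body and re.search(r"127\.0\.0\.1|localhost", body):
        return Finding(kind, "browser proxy points at the loopback interface", line)
    if kind in ("O2", "O3", "O9") and "(no name)" in body and _gone(body):
        return Finding(kind, "unnamed browser add-on whose file is already gone", line)
    if kind == "O22" and _gone(body):
        return Finding(kind, "SharedTaskScheduler entry with no backing file", line)
    if kind == "O23":
        reason = _check_service(body)
        if reason:
            return Finding(kind, reason, line)
    return None


def triage(log_text):
    """Return the findings for every entry line in a HijackThis log."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line.strip()}")
```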
 

johnb35

Administrator
Staff member
Oh and I forgot one thing.

I need you to go to Virustotal and upload this file.

c:\windows\SysWow64\MFC7132.exe

When the page loads, click on browse and navigate to that file and click on send file. And then when you get the results, give me the link to the web address so I can look at it.
 

M199

New Member
Hm.. not finding that file when I browse? Do I do this after I do what's in your first post?
 

johnb35

Administrator
Staff member
Ok, that file is a nasty so we need to get rid of it too.

Right click on hijackthis and click on "run as" and then perform the action. If you don't get the "run as" option to appear then press and hold the shift key while right clicking on hijackthis to get the "run as" option to appear.

Go ahead and run the combofix script I gave you and then I'll add the deletion of the nasty file to the next script I give you.
 

M199

New Member
Hm.. got this too.
Do I just let it, then run to combo like you said?
 

johnb35

Administrator
Staff member
Yep, let it run and then run the combofix script I gave you after you move the combofix file from your downloads directory to the desktop.
 

M199

New Member
Done
Here's the new combo log

ComboFix 11-07-06.04 - Amanda 07/06/2011 21:14:38.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4113 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.dll
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 01:36 . 2011-06-24 03:18 565248 ----a-w- c:\programdata\atiumdva32.exe
2011-07-07 01:36 . 2011-07-07 01:38 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-07 01:36 . 2011-07-07 01:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-07 01:36 . 2011-07-07 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 01:36 . 2011-07-07 01:36 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-07 00:39 . 2011-07-07 00:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-05 23:25 . 2011-07-05 23:25 -------- d-----w- c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
2011-07-05 23:11 . 2011-07-05 23:11 -------- d-----w- c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
2011-07-05 18:03 . 2011-07-05 18:03 -------- d-----w- c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
2011-07-04 15:51 . 2011-07-04 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
2011-07-04 03:33 . 2011-07-04 03:33 -------- d-----w- c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
2011-07-03 01:08 . 2011-07-03 01:09 -------- d-----w- c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
2011-07-02 05:12 . 2011-07-02 05:12 -------- d-----w- c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
2011-07-01 17:11 . 2011-07-01 17:12 -------- d-----w- c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
2011-07-01 05:11 . 2011-07-01 05:11 -------- d-----w- c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-30 17:11 . 2011-06-30 17:11 -------- d-----w- c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
2011-06-30 02:48 . 2011-06-30 02:49 -------- d-----w- c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-29 14:48 . 2011-06-29 14:48 -------- d-----w- c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
2011-06-28 20:10 . 2011-06-28 20:10 -------- d-----w- c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
2011-06-28 02:38 . 2011-06-28 02:39 -------- d-----w- c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 -------- d-----w- c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
2011-06-26 22:51 . 2011-06-26 22:51 -------- d-----w- c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
2011-06-25 14:40 . 2011-06-25 14:40 -------- d-----w- c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
2011-06-25 02:40 . 2011-06-25 02:40 -------- d-----w- c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
2011-06-24 04:14 . 2011-06-24 04:15 -------- d-----w- c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
2011-06-23 16:14 . 2011-06-23 16:14 -------- d-----w- c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
2011-06-22 16:47 . 2011-06-22 16:47 -------- d-----w- c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
2011-06-22 02:31 . 2011-06-22 02:31 -------- d-----w- c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
2011-06-21 14:31 . 2011-06-21 14:31 -------- d-----w- c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
2011-06-20 14:30 . 2011-06-20 14:30 -------- d-----w- c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
2011-06-20 02:29 . 2011-06-20 02:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
2011-06-19 14:29 . 2011-06-19 14:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
2011-06-18 19:51 . 2011-06-18 19:51 -------- d-----w- c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
2011-06-18 07:00 . 2011-06-18 07:00 -------- d-----w- c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
2011-06-17 18:21 . 2011-06-17 18:21 -------- d-----w- c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
2011-06-17 03:47 . 2011-06-17 03:47 -------- d-----w- c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
2011-06-16 15:46 . 2011-06-16 15:46 -------- d-----w- c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
2011-06-15 17:05 . 2011-06-15 17:06 -------- d-----w- c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 16:04 . 2011-06-14 16:04 -------- d-----w- c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
2011-06-14 04:03 . 2011-06-14 04:04 -------- d-----w- c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 16:03 . 2011-06-13 16:03 -------- d-----w- c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 04:03 . 2011-06-13 04:03 -------- d-----w- c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-12 16:02 . 2011-06-12 16:02 -------- d-----w- c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
2011-06-11 16:38 . 2011-06-11 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
2011-06-11 04:37 . 2011-06-11 04:38 -------- d-----w- c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
2011-06-10 16:37 . 2011-06-10 16:37 -------- d-----w- c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
2011-06-10 04:17 . 2011-06-10 04:18 -------- d-----w- c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
2011-06-09 16:17 . 2011-06-09 16:17 -------- d-----w- c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
2011-06-09 02:41 . 2011-06-09 02:41 -------- d-----w- c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
2011-06-08 14:41 . 2011-06-08 14:41 -------- d-----w- c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
2011-06-08 02:36 . 2011-06-08 02:36 -------- d-----w- c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 14:16 . 2011-06-07 14:17 -------- d-----w- c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:38 . 2010-07-25 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972} ----
.
.
---- Directory of c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1} ----
.
.
---- Directory of c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21E E389F73B8D1702B320485DF8CE.1 ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_21.44.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-07-06 21:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-06 22:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-06 22:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-06 22:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-07-07 01:39 87734 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-07-07 01:39 97024 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-09 00:10 . 2011-07-07 01:39 20972 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819834726-533737158-1913216436-1000_UserData.bin
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-07 01:37 . 2011-07-07 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-07 01:37 . 2011-07-07 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 00:39 . 2011-07-07 00:38 157472 c:\windows\SysWOW64\javaws.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\java.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\java.exe
- 2010-11-12 04:49 . 2011-07-06 21:42 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-12 04:49 . 2011-07-07 01:36 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-07 00:39 . 2011-07-07 00:39 203776 c:\windows\Installer\9d68ec.msi
+ 2011-07-07 00:38 . 2011-07-07 00:38 675840 c:\windows\Installer\9d68de.msi
- 2010-11-12 04:49 . 2011-07-06 21:42 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
+ 2010-11-12 04:49 . 2011-07-07 01:36 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{009A6416-669F-4147-8F1B-176A85CCE46a}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{010DBB78-2FED-4AED-A7E8-DC083989F51f}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{015113EC-A4E0-4FB1-9CE1-2140252DABE2}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{005C3BD7-7E45-425D-AE16-69460AD19D6b} - c:\windows\SysWow64\atiumdva32.dll
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
"{005C3BD7-7E45-425D-AE16-69460AD19D6B}"=hex:51,66,7a,6c,4c,1d,38,12,b9,38,4f,
04,77,30,33,07,d1,00,2a,06,0f,8f,d9,7f
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2011-07-06 21:45:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 01:45
ComboFix2.txt 2011-07-06 21:50
.
Pre-Run: 397,570,338,816 bytes free
Post-Run: 397,863,190,528 bytes free
.
- - End Of File - - AB6EC6C292003453A34EF6B1043B9DEF
 

johnb35

Administrator
Staff member
okay, another script to run.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::

c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21E E389F73B8D1702B320485DF8CE.1
c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}

File::

c:\windows\SysWow64\MFC7132.exe


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[screenshot: CFScript-1.gif, dragging CFScript.txt onto ComboFix.exe]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


Then do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
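Added example, not code from this thread or from ComboFix: a small Python script that pulls the same three kinds of findings out of a ComboFix log that the CFScript above acts on ({GUID} folders under AppData\Local in the "Look" section, a BHO DLL in "Reg Loading Points", and the running .exe that shares its name in "Other Running Processes") and prints them in the Folder::/File:: layout. The sample log lines are constructed from the entries quoted above and cut down; the vendor-directory allowlist and the "same name as a BHO DLL" rule are assumptions of the example, not ComboFix behaviour, and anything the script only lists for review (such as a random-looking name in SysWOW64) still has to be confirmed by hand and passed in as extra_files.

```python
"""Turn ComboFix log findings into a CFScript (Folder:: / File:: sections).

Added example, not ComboFix's own tooling. It reads the "Look",
"Reg Loading Points" and "Other Running Processes" sections of a ComboFix
log, picks out the indicators that were acted on in the thread ({GUID}
folders dropped under AppData\\Local, a BHO DLL and the .exe that shares
its name) and prints them in the CFScript layout ComboFix accepts.
"""
import ntpath  # splits Windows paths correctly even when run on Linux/macOS
import re

# Section banners look like "((((( Look )))))" or "----- Other Running Processes -----".
SECTION_RE = re.compile(r"^[(\-]+\s*(?P<name>[A-Za-z0-9@_.: -]+?)\s*[)\-]+$")
# "---- Directory of <path> ----" lines in Look; only {GUID} leaves directly under AppData\Local.
GUID_DIR_RE = re.compile(
    r"^---- Directory of (?P<path>.+?\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}) ----$")
# Registry key line that opens one Browser Helper Object entry.
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\}\]$", re.I)
# A bare image path, optionally followed by ComboFix's bracketed tag (e.g. " [BU]").
PATH_RE = re.compile(r'^(?P<path>[a-z]:\\[^\[\]"]+?\.(?:dll|exe))(?:\s+\[.*\])?$', re.I)
# Assumed allowlist for the manual-review list; anything outside it gets a second look.
VENDOR_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in the shape of the log above (paths taken from it, list cut down).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3} ----
.
---- Directory of c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432} ----
.
---- Directory of c:\users\Amanda\AppData\Roaming\Malwarebytes ----
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{009A6416-669F-4147-8F1B-176A85CCE46a}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\programdata\atiumdva32.exe
.
"""


def split_sections(log_text):
    """Map each banner name to the non-empty lines beneath it (ComboFix pads with lone dots)."""
    sections, current = {"header": []}, "header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner and not line.startswith("---- Directory of"):
            current = banner.group("name")
            sections.setdefault(current, [])
        elif line not in ("", "."):
            sections[current].append(line)
    return sections


def guid_dirs(look_lines):
    """{GUID}-named folders directly under %LOCALAPPDATA%, the drop pattern seen in the log."""
    return [m.group("path") for m in map(GUID_DIR_RE.match, look_lines) if m]


def bho_dlls(reg_lines):
    """DLL paths registered as IE Browser Helper Objects; each key line is followed by its file."""
    dlls, after_key = [], False
    for line in reg_lines:
        if BHO_KEY_RE.match(line):
            after_key = True
            continue
        m = PATH_RE.match(line) if after_key else None
        if m:
            dlls.append(m.group("path"))
        after_key = False
    return dlls


def running_processes(proc_lines):
    """Image paths from the Other Running Processes list."""
    return [m.group("path") for m in map(PATH_RE.match, proc_lines) if m]


def stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def linked_loaders(processes, dlls):
    """Running .exe files sharing a name with a BHO DLL (atiumdva32.exe beside atiumdva32.dll).
    A loader/plugin pair named after a real driver but living outside a vendor directory is
    the masquerade seen above; both halves go into File::. (Assumed rule, not ComboFix logic.)"""
    dll_stems = {stem(d) for d in dlls}
    return [p for p in processes if stem(p) in dll_stems]


def review_candidates(processes):
    """Processes outside the assumed vendor directories. Decide these by hand: an odd name
    in SysWOW64 is a lead, not proof, and OEM hotkey tools live in c:\\windows too."""
    return [p for p in processes if not p.lower().startswith(VENDOR_DIRS)]


def build_cfscript(log_text, extra_files=()):
    """Assemble the CFScript text; extra_files carries paths the analyst confirmed by hand."""
    sections = split_sections(log_text)
    folders = guid_dirs(sections.get("Look", []))
    dlls = bho_dlls(sections.get("Reg Loading Points", []))
    procs = running_processes(sections.get("Other Running Processes", []))
    files, seen = [], set()
    for path in linked_loaders(procs, dlls) + dlls + list(extra_files):
        if path.lower() not in seen:  # de-duplicate case-insensitively, keep order
            seen.add(path.lower())
            files.append(path)
    return "\n".join(["Folder::", ""] + folders + ["", "File::", ""] + files + [""])


if __name__ == "__main__":
    procs = running_processes(split_sections(SAMPLE_LOG)["Other Running Processes"])
    print("review by hand:", review_candidates(procs))
    script = build_cfscript(SAMPLE_LOG, extra_files=[r"c:\windows\SysWow64\MFC7132.exe"])
    # Notepad expects CRLF; newline= makes Python write it on any platform.
    with open("CFScript.txt", "w", newline="\r\n") as fh:
        fh.write(script)
    print(script)
```

Run it on a real log by reading ComboFix.txt into build_cfscript instead of SAMPLE_LOG; look at the review list first, add only what you have actually confirmed to extra_files, and the resulting CFScript.txt is still dragged onto ComboFix.exe exactly as described in the steps above. The script only handles the file side; the orphaned BHO registrations are what ComboFix reports under ORPHANS REMOVED once the DLL is gone.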
 

M199

New Member
New combo, then the last step's log.
By looking at this I see a lot of 'troj'. That would come up on my Trend Micro too. Do I have a trojan horse?

ComboFix 11-07-07.02 - Amanda 07/07/2011 11:03:36.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4236 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\MFC7132.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.dll
c:\programdata\atiumdva32.exe
c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\install.rdf
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 15:24 . 2011-07-07 15:26 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-07 15:24 . 2011-07-07 15:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-07 15:24 . 2011-07-07 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 15:24 . 2011-07-07 15:24 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-07 00:39 . 2011-07-07 00:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:38 . 2010-07-25 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_21.44.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-07-06 21:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-07 02:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-07 02:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-07 02:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-07-07 15:27 87912 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-07-07 15:27 97040 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-09 00:10 . 2011-07-07 01:39 20972 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819834726-533737158-1913216436-1000_UserData.bin
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-07 15:25 . 2011-07-07 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-07 15:25 . 2011-07-07 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 00:39 . 2011-07-07 00:38 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\javaw.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\javaw.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\java.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\java.exe
- 2009-08-09 17:38 . 2011-07-06 14:42 305860 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-08-09 17:38 . 2011-07-07 14:57 305860 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-11-12 04:49 . 2011-07-06 21:42 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-12 04:49 . 2011-07-07 15:24 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-07 00:39 . 2011-07-07 00:39 203776 c:\windows\Installer\9d68ec.msi
+ 2011-07-07 00:38 . 2011-07-07 00:38 675840 c:\windows\Installer\9d68de.msi
- 2010-11-12 04:49 . 2011-07-06 21:42 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
+ 2010-11-12 04:49 . 2011-07-07 15:24 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{005C3BD7-7E45-425D-AE16-69460AD19D6b}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{009A6416-669F-4147-8F1B-176A85CCE46a}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{010DBB78-2FED-4AED-A7E8-DC083989F51f}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{015113EC-A4E0-4FB1-9CE1-2140252DABE2}]
c:\windows\SysWow64\atiumdva32.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
"{005C3BD7-7E45-425D-AE16-69460AD19D6B}"=hex:51,66,7a,6c,4c,1d,38,12,b9,38,4f,
04,77,30,33,07,d1,00,2a,06,0f,8f,d9,7f
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
.
**************************************************************************
.
Completion time: 2011-07-07 11:32:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 15:32
ComboFix2.txt 2011-07-07 01:45
ComboFix3.txt 2011-07-06 21:50
.
Pre-Run: 398,012,280,832 bytes free
Post-Run: 397,691,637,760 bytes free
.
- - End Of File - - 0F6B31598D394122F952681BAC6C046F



C:\Qoobox\Quarantine\C\ProgramData\atiumdva32.exe.vir probably a variant of Win32/TrojanDownloader.Agent.BLHNAIM trojan
C:\Qoobox\Quarantine\C\ProgramData\KBDCZ132.dll.vir probably a variant of Win32/TrojanDownloader.Agent.HIVKBDM trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{49f47bbd-32ed-49c3-82ab-9affdc67d001}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\atiumdva32.dll.vir a variant of Win32/Kryptik.PQF trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-74eed42a multiple threats
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-3e184666 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-4bc2f6c7 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-55a84f31 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-5a64089a a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-73971878 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-761bca28 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\33562790-129a35ec Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-66ff3c47 probably a variant of Win32/Agent.KBEESLR trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\57f6ba56-5f63f049 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ff6a7d8-11c4065f Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-2a06ebf2 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-3ce3e01d a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\f29bcdf-27e3e071 multiple threats
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\1bddbe67-5e80516e Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6fedd8a9-239e7bc9 multiple threats
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-47c46c03 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6e97d631-1c46fecb Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\63aaf5b8-4e3e7244 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Amanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\9b78b7f-5f647917 probably a variant of Win32/Agent.KBEESLR trojan
C:\Users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\14852C7\stormwarningss.msi multiple threats
C:\Users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\FA366A1\stormwarningss.msi multiple threats
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Users\Amanda\Downloads\7artChristmasLand3DInst.exe multiple threats
C:\Users\Amanda\Downloads\moviebar_us_z(2).exe Win32/Toolbar.Zugo application
C:\Users\Amanda\Downloads\moviebar_us_z(3).exe Win32/Toolbar.Zugo application
C:\Users\Amanda\Downloads\moviebar_us_z.exe Win32/Toolbar.Zugo application
C:\Windows\System32\MFC7132.exe probably a variant of Win32/TrojanDownloader.Agent.BLHNAIM trojan
C:\Windows\SysWOW64\MFC7132.exe probably a variant of Win32/TrojanDownloader.Agent.BLHNAIM trojan
 

johnb35

Administrator
Staff member
Please do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::
c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

File::
C:\Users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\14852C7\stormwarningss.msi
C:\Users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\FA366A1\stormwarningss.msi
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome.manifest
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome\xulcache.jar
C:\Users\Amanda\Downloads\7artChristmasLand3DInst.exe
C:\Users\Amanda\Downloads\moviebar_us_z(3).exe
C:\Users\Amanda\Downloads\moviebar_us_z.exe
C:\Windows\System32\MFC7132.exe
C:\Windows\SysWOW64\MFC7132.exe
c:\programdata\atiumdva32.exe

Registry::

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{005C3BD7-7E45-425D-AE16-69460AD19D6b}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{009A6416-669F-4147-8F1B-176A85CCE46a}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{010DBB78-2FED-4AED-A7E8-DC083989F51f}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{015113EC-A4E0-4FB1-9CE1-2140252DABE2}]



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


Then go here and follow the directions to delete the java cache files.

http://www.java.com/en/download/help/plugin_cache.xml
 

M199

New Member
Here we are.

ComboFix 11-07-07.05 - Amanda 07/07/2011 21:00:02.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.3844 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\atiumdva32.exe"
"c:\users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\14852C7\stormwarningss.msi multiple threats"
"c:\users\Amanda\AppData\Roaming\FileSubmit\stormwarningss\install\FA366A1\stormwarningss.msi multiple threats"
"c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome.manifest"
"c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome\xulcache.jar"
"c:\users\Amanda\Downloads\7artChristmasLand3DInst.exe"
"c:\users\Amanda\Downloads\moviebar_us_z(3).exe"
"c:\users\Amanda\Downloads\moviebar_us_z.exe"
"c:\windows\System32\MFC7132.exe"
"c:\windows\SysWOW64\MFC7132.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amanda\AppData\Local\Temp\07072054-000008b4-6wwhup5hml\tmp1723.tmp
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{b32afd51-1d5c-42eb-9cf2-91f2af93c6dd}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 01:22 . 2011-07-08 01:22 357376 ----a-w- c:\windows\SysWow64\atiumdva32.dll
2011-07-08 01:22 . 2011-06-24 03:18 565248 ----a-w- c:\programdata\atiumdva32.exe
2011-07-08 01:21 . 2011-07-08 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-08 01:21 . 2011-07-08 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-08 01:21 . 2011-07-08 01:21 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-08 00:54 . 2011-07-08 00:54 -------- d-----w- c:\users\Amanda\AppData\Local\{AA0416E0-8EDB-49F3-A75E-C7AD2CB9B336}
2011-07-07 17:36 . 2011-07-07 17:36 8896 --sha-w- c:\programdata\findnetprinters32.dll
2011-07-07 17:04 . 2011-07-07 17:04 8896 --sha-w- c:\programdata\certenc32.dll
2011-07-07 16:31 . 2011-07-07 16:31 8896 --sha-w- c:\programdata\KBDDIV132.dll
2011-07-07 15:58 . 2011-07-07 15:58 8896 --sha-w- c:\programdata\atiumdva32.dll
2011-07-07 15:34 . 2011-07-07 15:34 -------- d-----w- c:\program files (x86)\ESET
2011-07-07 15:32 . 2011-07-08 01:51 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-07 00:39 . 2011-07-07 00:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-01 02:29 . 2011-06-24 03:18 565248 ------w- c:\windows\SysWow64\MFC7132.exe
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:38 . 2010-07-25 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_21.44.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-07-06 21:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-07 15:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-07 15:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-07 15:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-06 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-07-07 15:27 87912 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-07-07 15:27 97040 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-09 00:10 . 2011-07-07 01:39 20972 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819834726-533737158-1913216436-1000_UserData.bin
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-08 01:23 . 2011-07-08 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-08 01:23 . 2011-07-08 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-06 21:43 . 2011-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 00:39 . 2011-07-07 00:38 157472 c:\windows\SysWOW64\javaws.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\javaw.exe
- 2010-10-27 22:35 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\java.exe
+ 2011-07-07 00:39 . 2011-07-07 00:38 145184 c:\windows\SysWOW64\java.exe
+ 2009-08-09 17:38 . 2011-07-07 20:27 306092 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-11-12 04:49 . 2011-07-06 21:42 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-12 04:49 . 2011-07-08 01:22 441820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-07 00:39 . 2011-07-07 00:39 203776 c:\windows\Installer\9d68ec.msi
+ 2011-07-07 00:38 . 2011-07-07 00:38 675840 c:\windows\Installer\9d68de.msi
- 2010-11-12 04:49 . 2011-07-06 21:42 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
+ 2010-11-12 04:49 . 2011-07-08 01:22 4897704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819834726-533737158-1913216436-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
"{005C3BD7-7E45-425D-AE16-69460AD19D6B}"=hex:51,66,7a,6c,4c,1d,38,12,b9,38,4f,
04,77,30,33,07,d1,00,2a,06,0f,8f,d9,7f
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
.
**************************************************************************
.
Completion time: 2011-07-07 21:53:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-08 01:53
ComboFix2.txt 2011-07-07 15:32
ComboFix3.txt 2011-07-07 01:45
ComboFix4.txt 2011-07-06 21:50
.
Pre-Run: 396,727,746,560 bytes free
Post-Run: 395,902,644,224 bytes free
.
- - End Of File - - E1C14E0177C3BB13CA40C22318C74893

Also got this as Combo was finishing. Said it wanted to 'upload some files to server':

Attachments
  • emess.jpg (36.9 KB)
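The log above gets triaged by eye in this thread. As an added example (not part of the original post, and not ComboFix's own code), the script below applies three of the checks a reviewer runs over such a log: a newly created executable, DLL or driver in a location a standard user can write to (ProgramData, a user's AppData); a running image outside Program Files, joined to its creation record so you can see when it appeared; and a Run value that names a bare file with no directory, which the log cannot pin to a specific image. It assumes the three line formats exactly as ComboFix printed them above; the sample lines are excerpts copied from the posted log. The output is a review queue, not a verdict: HiJackThis.exe, which the poster installed deliberately, lands in it alongside the processes running from SysWOW64, ProgramData and the Windows directory.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# One "Files Created Or Modified" line:  <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$")
# One Run-key value as ComboFix prints it:  "Name"="command" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[[^\]]*\]')
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl"}
PROGRAM_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

class FileEntry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str
    path: str

class Finding(NamedTuple):
    rule: str
    path: str
    detail: str

def parse_file_entries(text: str) -> List[FileEntry]:
    """Parse 'Files Created Or Modified' lines; anything else in the text is skipped."""
    out = []
    for m in (FILE_RE.match(ln.strip()) for ln in text.splitlines()):
        if m:
            size = int(m["size"]) if m["size"].isdigit() else None
            out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out

def parse_processes(text: str) -> List[str]:
    """'Other Running Processes' is one absolute image path per line."""
    return [ln.strip() for ln in text.splitlines() if ln.strip().lower().startswith("c:\\")]

def parse_run_values(text: str) -> Dict[str, str]:
    """Run-key value name -> command string."""
    return {m["name"]: m["cmd"] for m in (RUN_RE.match(ln.strip()) for ln in text.splitlines()) if m}

def _ext(path_l: str) -> str:
    name = path_l.rsplit("\\", 1)[-1]
    return name[name.rfind("."):] if "." in name else ""

def _user_writable(path_l: str) -> bool:
    # ProgramData and a user's own AppData are writable without elevation.
    return path_l.startswith("c:\\programdata\\") or (
        path_l.startswith("c:\\users\\") and "\\appdata\\" in path_l)

def triage(files_text: str, processes_text: str, run_text: str) -> List[Finding]:
    """Three review heuristics over the parsed sections; the result is a queue, not a verdict."""
    files = parse_file_entries(files_text)
    by_path = {f.path.lower(): f for f in files}
    findings: List[Finding] = []
    # Rule 1: an executable, DLL or driver newly created in a user-writable location.
    for f in files:
        pl = f.path.lower()
        if _ext(pl) in EXEC_EXTS and _user_writable(pl):
            findings.append(Finding("exec-in-writable-location", f.path,
                                    f"created {f.created}, {f.size} bytes"))
    # Rule 2: a running image outside Program Files, joined to its creation record so the
    # reviewer sees when it appeared (or that it predates the lookback window).
    for proc in parse_processes(processes_text):
        if proc.lower().startswith(PROGRAM_ROOTS):
            continue
        rec = by_path.get(proc.lower())
        detail = (f"created {rec.created}, {rec.size} bytes" if rec
                  else "no creation record in the lookback window")
        findings.append(Finding("process-outside-program-files", proc, detail))
    # Rule 3: a Run value naming a bare file with no directory. Windows resolves it by
    # search order at logon, so the log line alone does not tell you which image runs.
    for name, cmd in parse_run_values(run_text).items():
        if "\\" not in cmd:
            findings.append(Finding("run-value-unqualified-path", cmd, f"Run value {name!r}"))
    return findings

# Sample input: lines excerpted from the log posted above.
FILES_SAMPLE = r"""
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-01 02:29 . 2011-06-24 03:18 565248 ------w- c:\windows\SysWow64\MFC7132.exe
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
"""
PROCESSES_SAMPLE = r"""
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\programdata\atiumdva32.exe
c:\windows\CNYHKey.exe
"""
RUN_SAMPLE = r"""
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"""

def triage_sample() -> List[Finding]:
    """Run the three rules over the excerpted sample sections."""
    return triage(FILES_SAMPLE, PROCESSES_SAMPLE, RUN_SAMPLE)
```

Run `triage_sample()` (or feed the three sections of a full log into `triage`) and print the findings: the SysWOW64 process comes back joined to its 2011-07-01 creation record, the ProgramData and c:\windows images come back with no creation record in the window, and the two bare-name Run values are listed for a manual check of which file on the search path they actually start.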

M199

New Member
I did.
I had to go to my Tools > Java Console to get to the control panel for Java. So I'm doing step 2 now.

-done