Nvm.
Combo then Hijack.
ComboFix 11-07-06.03 - Amanda 07/06/2011 17:23:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4237 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.exe
c:\programdata\KBDCZ132.dll
c:\users\Amanda\11f5fe2a4b5bf2222732d4907dd8efeb.jpg
c:\users\Amanda\6a00d8341bfcfe53ef00e54f8f12648834-800wi.jpg
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\system32\service
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 21:41 . 2011-07-06 21:44 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-05 23:25 . 2011-07-05 23:25 -------- d-----w- c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
2011-07-05 23:11 . 2011-07-05 23:11 -------- d-----w- c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
2011-07-05 18:03 . 2011-07-05 18:03 -------- d-----w- c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
2011-07-04 15:51 . 2011-07-04 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
2011-07-04 03:33 . 2011-07-04 03:33 -------- d-----w- c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
2011-07-03 01:08 . 2011-07-03 01:09 -------- d-----w- c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
2011-07-02 05:12 . 2011-07-02 05:12 -------- d-----w- c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
2011-07-01 17:11 . 2011-07-01 17:12 -------- d-----w- c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
2011-07-01 05:11 . 2011-07-01 05:11 -------- d-----w- c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-30 17:11 . 2011-06-30 17:11 -------- d-----w- c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
2011-06-30 02:48 . 2011-06-30 02:49 -------- d-----w- c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-29 14:48 . 2011-06-29 14:48 -------- d-----w- c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
2011-06-28 20:10 . 2011-06-28 20:10 -------- d-----w- c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
2011-06-28 02:38 . 2011-06-28 02:39 -------- d-----w- c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 -------- d-----w- c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
2011-06-26 22:51 . 2011-06-26 22:51 -------- d-----w- c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
2011-06-25 14:40 . 2011-06-25 14:40 -------- d-----w- c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
2011-06-25 02:40 . 2011-06-25 02:40 -------- d-----w- c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
2011-06-24 04:14 . 2011-06-24 04:15 -------- d-----w- c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
2011-06-23 16:14 . 2011-06-23 16:14 -------- d-----w- c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
2011-06-22 16:47 . 2011-06-22 16:47 -------- d-----w- c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
2011-06-22 02:31 . 2011-06-22 02:31 -------- d-----w- c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
2011-06-21 14:31 . 2011-06-21 14:31 -------- d-----w- c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
2011-06-20 14:30 . 2011-06-20 14:30 -------- d-----w- c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
2011-06-20 02:29 . 2011-06-20 02:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
2011-06-19 14:29 . 2011-06-19 14:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
2011-06-18 19:51 . 2011-06-18 19:51 -------- d-----w- c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
2011-06-18 07:00 . 2011-06-18 07:00 -------- d-----w- c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
2011-06-17 18:21 . 2011-06-17 18:21 -------- d-----w- c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
2011-06-17 03:47 . 2011-06-17 03:47 -------- d-----w- c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
2011-06-16 15:46 . 2011-06-16 15:46 -------- d-----w- c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
2011-06-15 17:05 . 2011-06-15 17:06 -------- d-----w- c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 16:04 . 2011-06-14 16:04 -------- d-----w- c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
2011-06-14 04:03 . 2011-06-14 04:04 -------- d-----w- c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 16:03 . 2011-06-13 16:03 -------- d-----w- c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 04:03 . 2011-06-13 04:03 -------- d-----w- c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-12 16:02 . 2011-06-12 16:02 -------- d-----w- c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
2011-06-11 16:38 . 2011-06-11 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
2011-06-11 04:37 . 2011-06-11 04:38 -------- d-----w- c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
2011-06-10 16:37 . 2011-06-10 16:37 -------- d-----w- c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
2011-06-10 04:17 . 2011-06-10 04:18 -------- d-----w- c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
2011-06-09 16:17 . 2011-06-09 16:17 -------- d-----w- c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
2011-06-09 02:41 . 2011-06-09 02:41 -------- d-----w- c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
2011-06-08 14:41 . 2011-06-08 14:41 -------- d-----w- c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
2011-06-08 02:36 . 2011-06-08 02:36 -------- d-----w- c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 14:16 . 2011-06-07 14:17 -------- d-----w- c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59778
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
exefile="c:\windows\SysWOW64\config\systemprofile\AppData\Local\hcq.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{009A6416-669F-4147-8F1B-176A85CCE46a} - c:\windows\SysWow64\atiumdva32.dll
BHO-{010DBB78-2FED-4AED-A7E8-DC083989F51f} - c:\windows\SysWow64\atiumdva32.dll
BHO-{015113EC-A4E0-4FB1-9CE1-2140252DABE2} - c:\windows\SysWow64\atiumdva32.dll
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-e466e1645b951d29a0bcbe4576d3713d - c:\users\Amanda\DOWNLO~1\RI1FB0~1.EXE
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Gateway Photo Frame - c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Gateway Game Console - c:\program files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe
AddRemove-MAGIX Speed 2 UK - c:\program files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WT046831 - c:\program files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT046838 - c:\program files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT046859 - c:\program files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT046882 - c:\program files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe
AddRemove-WT046884 - c:\program files (x86)\Gateway Games\FATE\Uninstall.exe
AddRemove-WT046904 - c:\program files (x86)\Gateway Games\Polar Bowler\Uninstall.exe
AddRemove-WT046906 - c:\program files (x86)\Gateway Games\Polar Golfer\Uninstall.exe
AddRemove-WT046908 - c:\program files (x86)\Gateway Games\Polar Pool\Uninstall.exe
AddRemove-WT046910 - c:\program files (x86)\Gateway Games\The Price is Right\Uninstall.exe
AddRemove-WT046928 - c:\program files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT070562 - c:\program files (x86)\Gateway Games\Success Story\Uninstall.exe
AddRemove-WT071801 - c:\program files (x86)\Gateway Games\Zoo Vet\Uninstall.exe
AddRemove-WT072374 - c:\program files (x86)\Gateway Games\Burger Island\Uninstall.exe
AddRemove-WT072473 - c:\program files (x86)\Gateway Games\Chocolatier - Decadence by Design\Uninstall.exe
AddRemove-WT072477 - c:\program files (x86)\Gateway Games\Ciao Bella\Uninstall.exe
AddRemove-WT072769 - c:\program files (x86)\Gateway Games\Dress Shop Hop\Uninstall.exe
AddRemove-WT072823 - c:\program files (x86)\Gateway Games\Family Feud Hollywood Edition\Uninstall.exe
AddRemove-WT072848 - c:\program files (x86)\Gateway Games\Feeding Frenzy 2\Uninstall.exe
AddRemove-WT072867 - c:\program files (x86)\Gateway Games\FishCo\Uninstall.exe
AddRemove-WT072885 - c:\program files (x86)\Gateway Games\Fish Tycoon\Uninstall.exe
AddRemove-WT073317 - c:\program files (x86)\Gateway Games\Lemonade Tycoon 2\Uninstall.exe
AddRemove-WT074007 - c:\program files (x86)\Gateway Games\Stand O' Food\Uninstall.exe
AddRemove-WT074201 - c:\program files (x86)\Gateway Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT074261 - c:\program files (x86)\Gateway Games\Westward\Uninstall.exe
AddRemove-WT074344 - c:\program files (x86)\Gateway Games\Winemaker Extraordinaire\Uninstall.exe
AddRemove-WT075246 - c:\program files (x86)\Gateway Games\Jane's Zoo\Uninstall.exe
AddRemove-WT076382 - c:\program files (x86)\Gateway Games\3 Days - Zoo Mystery\Uninstall.exe
AddRemove-WT078827 - c:\program files (x86)\Gateway Games\Nanny 911\Uninstall.exe
AddRemove-WT079516 - c:\program files (x86)\Gateway Games\Deer Drive\Uninstall.exe
AddRemove-WT079573 - c:\program files (x86)\Gateway Games\MONOPOLY Build-a-lot Edition\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-07-06 17:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 21:50
.
Pre-Run: 397,411,774,464 bytes free
Post-Run: 400,064,819,200 bytes free
.
- - End Of File - - D882E408958C4C8116865FFB322E91B6
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:05 PM, on 7/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ModLedKey.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {010DBB78-2FED-4AED-A7E8-DC083989F51f} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {015113EC-A4E0-4FB1-9CE1-2140252DABE2} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Function Discovery Resource Publication (FDResPub32) - Unknown owner - c:\windows\system32\mfc7132.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 12258 bytes
Combo then Hijack.
ComboFix 11-07-06.03 - Amanda 07/06/2011 17:23:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4237 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.exe
c:\programdata\KBDCZ132.dll
c:\users\Amanda\11f5fe2a4b5bf2222732d4907dd8efeb.jpg
c:\users\Amanda\6a00d8341bfcfe53ef00e54f8f12648834-800wi.jpg
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\system32\service
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 21:41 . 2011-07-06 21:44 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-05 23:25 . 2011-07-05 23:25 -------- d-----w- c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
2011-07-05 23:11 . 2011-07-05 23:11 -------- d-----w- c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
2011-07-05 18:03 . 2011-07-05 18:03 -------- d-----w- c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
2011-07-04 15:51 . 2011-07-04 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
2011-07-04 03:33 . 2011-07-04 03:33 -------- d-----w- c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
2011-07-03 01:08 . 2011-07-03 01:09 -------- d-----w- c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
2011-07-02 05:12 . 2011-07-02 05:12 -------- d-----w- c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
2011-07-01 17:11 . 2011-07-01 17:12 -------- d-----w- c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
2011-07-01 05:11 . 2011-07-01 05:11 -------- d-----w- c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-30 17:11 . 2011-06-30 17:11 -------- d-----w- c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
2011-06-30 02:48 . 2011-06-30 02:49 -------- d-----w- c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-29 14:48 . 2011-06-29 14:48 -------- d-----w- c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
2011-06-28 20:10 . 2011-06-28 20:10 -------- d-----w- c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
2011-06-28 02:38 . 2011-06-28 02:39 -------- d-----w- c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 -------- d-----w- c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
2011-06-26 22:51 . 2011-06-26 22:51 -------- d-----w- c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
2011-06-25 14:40 . 2011-06-25 14:40 -------- d-----w- c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
2011-06-25 02:40 . 2011-06-25 02:40 -------- d-----w- c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
2011-06-24 04:14 . 2011-06-24 04:15 -------- d-----w- c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
2011-06-23 16:14 . 2011-06-23 16:14 -------- d-----w- c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
2011-06-22 16:47 . 2011-06-22 16:47 -------- d-----w- c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
2011-06-22 02:31 . 2011-06-22 02:31 -------- d-----w- c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
2011-06-21 14:31 . 2011-06-21 14:31 -------- d-----w- c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
2011-06-20 14:30 . 2011-06-20 14:30 -------- d-----w- c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
2011-06-20 02:29 . 2011-06-20 02:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
2011-06-19 14:29 . 2011-06-19 14:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
2011-06-18 19:51 . 2011-06-18 19:51 -------- d-----w- c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
2011-06-18 07:00 . 2011-06-18 07:00 -------- d-----w- c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
2011-06-17 18:21 . 2011-06-17 18:21 -------- d-----w- c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
2011-06-17 03:47 . 2011-06-17 03:47 -------- d-----w- c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
2011-06-16 15:46 . 2011-06-16 15:46 -------- d-----w- c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
2011-06-15 17:05 . 2011-06-15 17:06 -------- d-----w- c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 16:04 . 2011-06-14 16:04 -------- d-----w- c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
2011-06-14 04:03 . 2011-06-14 04:04 -------- d-----w- c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 16:03 . 2011-06-13 16:03 -------- d-----w- c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 04:03 . 2011-06-13 04:03 -------- d-----w- c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-12 16:02 . 2011-06-12 16:02 -------- d-----w- c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
2011-06-11 16:38 . 2011-06-11 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
2011-06-11 04:37 . 2011-06-11 04:38 -------- d-----w- c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
2011-06-10 16:37 . 2011-06-10 16:37 -------- d-----w- c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
2011-06-10 04:17 . 2011-06-10 04:18 -------- d-----w- c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
2011-06-09 16:17 . 2011-06-09 16:17 -------- d-----w- c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
2011-06-09 02:41 . 2011-06-09 02:41 -------- d-----w- c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
2011-06-08 14:41 . 2011-06-08 14:41 -------- d-----w- c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
2011-06-08 02:36 . 2011-06-08 02:36 -------- d-----w- c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 14:16 . 2011-06-07 14:17 -------- d-----w- c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59778
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
exefile="c:\windows\SysWOW64\config\systemprofile\AppData\Local\hcq.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{009A6416-669F-4147-8F1B-176A85CCE46a} - c:\windows\SysWow64\atiumdva32.dll
BHO-{010DBB78-2FED-4AED-A7E8-DC083989F51f} - c:\windows\SysWow64\atiumdva32.dll
BHO-{015113EC-A4E0-4FB1-9CE1-2140252DABE2} - c:\windows\SysWow64\atiumdva32.dll
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-e466e1645b951d29a0bcbe4576d3713d - c:\users\Amanda\DOWNLO~1\RI1FB0~1.EXE
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Gateway Photo Frame - c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Gateway Game Console - c:\program files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe
AddRemove-MAGIX Speed 2 UK - c:\program files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WT046831 - c:\program files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT046838 - c:\program files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT046859 - c:\program files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT046882 - c:\program files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe
AddRemove-WT046884 - c:\program files (x86)\Gateway Games\FATE\Uninstall.exe
AddRemove-WT046904 - c:\program files (x86)\Gateway Games\Polar Bowler\Uninstall.exe
AddRemove-WT046906 - c:\program files (x86)\Gateway Games\Polar Golfer\Uninstall.exe
AddRemove-WT046908 - c:\program files (x86)\Gateway Games\Polar Pool\Uninstall.exe
AddRemove-WT046910 - c:\program files (x86)\Gateway Games\The Price is Right\Uninstall.exe
AddRemove-WT046928 - c:\program files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT070562 - c:\program files (x86)\Gateway Games\Success Story\Uninstall.exe
AddRemove-WT071801 - c:\program files (x86)\Gateway Games\Zoo Vet\Uninstall.exe
AddRemove-WT072374 - c:\program files (x86)\Gateway Games\Burger Island\Uninstall.exe
AddRemove-WT072473 - c:\program files (x86)\Gateway Games\Chocolatier - Decadence by Design\Uninstall.exe
AddRemove-WT072477 - c:\program files (x86)\Gateway Games\Ciao Bella\Uninstall.exe
AddRemove-WT072769 - c:\program files (x86)\Gateway Games\Dress Shop Hop\Uninstall.exe
AddRemove-WT072823 - c:\program files (x86)\Gateway Games\Family Feud Hollywood Edition\Uninstall.exe
AddRemove-WT072848 - c:\program files (x86)\Gateway Games\Feeding Frenzy 2\Uninstall.exe
AddRemove-WT072867 - c:\program files (x86)\Gateway Games\FishCo\Uninstall.exe
AddRemove-WT072885 - c:\program files (x86)\Gateway Games\Fish Tycoon\Uninstall.exe
AddRemove-WT073317 - c:\program files (x86)\Gateway Games\Lemonade Tycoon 2\Uninstall.exe
AddRemove-WT074007 - c:\program files (x86)\Gateway Games\Stand O' Food\Uninstall.exe
AddRemove-WT074201 - c:\program files (x86)\Gateway Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT074261 - c:\program files (x86)\Gateway Games\Westward\Uninstall.exe
AddRemove-WT074344 - c:\program files (x86)\Gateway Games\Winemaker Extraordinaire\Uninstall.exe
AddRemove-WT075246 - c:\program files (x86)\Gateway Games\Jane's Zoo\Uninstall.exe
AddRemove-WT076382 - c:\program files (x86)\Gateway Games\3 Days - Zoo Mystery\Uninstall.exe
AddRemove-WT078827 - c:\program files (x86)\Gateway Games\Nanny 911\Uninstall.exe
AddRemove-WT079516 - c:\program files (x86)\Gateway Games\Deer Drive\Uninstall.exe
AddRemove-WT079573 - c:\program files (x86)\Gateway Games\MONOPOLY Build-a-lot Edition\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-07-06 17:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 21:50
.
Pre-Run: 397,411,774,464 bytes free
Post-Run: 400,064,819,200 bytes free
.
- - End Of File - - D882E408958C4C8116865FFB322E91B6
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:05 PM, on 7/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ModLedKey.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {010DBB78-2FED-4AED-A7E8-DC083989F51f} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {015113EC-A4E0-4FB1-9CE1-2140252DABE2} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Function Discovery Resource Publication (FDResPub32) - Unknown owner - c:\windows\system32\mfc7132.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)
--
End of file - 12258 bytes