Author Topic: 129 mywebsearch (malwarebytes)  (Read 414 times)

Ghost
« on: December 01, 2011, 01:46:20 PM »
Hi all,
Well, I was supposed to install some printer software, but I thought this system was running slow.
So I ran Malwarebytes and found 129 infections.
So here I go again.

info.txt logfile of random's system information tool 1.09 2011-12-01 09:35:24

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader X (10.1.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Belkin N300 Micro USB Wireless Adapter-->C:\Program Files\InstallShield Installation Information\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}\Install.exe -uninst -l0x9
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Crawler Toolbar-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FileHippo.com Update Checker-->"C:\Program Files\FileHippo.com\uninstall.exe"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9  -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Inbox Toolbar-->"C:\Program Files\Inbox Toolbar\unins000.exe"
Java(TM) 7 Update 1-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217001FF}
jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins001.exe"
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77CA976C-403C-47E2-940B-733ECAB6F62B}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}
PC Power Speed 1.0.0.0-->"C:\Program Files\PCPowerSpeed\unins000.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RebateInformer-->"C:\Program Files\RebateInformer\unins000.exe"
Registry Mechanic 5.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
TotalRecipeSearch-->rundll32 C:\PROGRA~1\TOTALR~2\bar\1.bin\14Bar.dll,O
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Wizard101-->"C:\Program Files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe" -runfromtemp -l0x0009 -removeonly
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Brian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB2492386(Update) into Staged(Staged) state
Record Number: 60969
Source Name: Microsoft-Windows-Servicing
Time Written: 20111201131901.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB2492386(Update) into Staged(Staged) state
Record Number: 60970
Source Name: Microsoft-Windows-Servicing
Time Written: 20111201131901.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 60989
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111201132351.565600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.
Record Number: 61002
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20111201133004.457914-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 61086
Source Name: Service Control Manager
Time Written: 20111201133112.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Brian-PC
Event Code: 0
Message:
Record Number: 3647
Source Name: AtBroker
Time Written: 20110920005259.000000-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 0
Message:
Record Number: 3648
Source Name: AtBroker
Time Written: 20110920005259.000000-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 0
Message:
Record Number: 3649
Source Name: AtBroker
Time Written: 20110920005259.000000-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 1000
Message: Faulting application setup.exe_InstallShield, version 15.0.0.498, time stamp 0x482518da, faulting module ISSetup.dll, version 15.0.0.591, time stamp 0x48c89fa2, exception code 0xc0000005, fault offset 0x0009c443, process id 0x588, application start time 0x01cc88fdcda8d66a.
Record Number: 3772
Source Name: Application Error
Time Written: 20111012164136.000000-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = E:\Support\DirectX\DXSETUP.exe /silent; Descripton = ôBw; Hr = 0x80070057).
Record Number: 3902
Source Name: System Restore
Time Written: 20111111190630.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Brian-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys   
Record Number: 12044
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111201143521.906114-000
Event Type: Audit Failure
User:

Computer Name: Brian-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys   
Record Number: 12045
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111201143522.030914-000
Event Type: Audit Failure
User:

Computer Name: Brian-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys   
Record Number: 12046
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111201143522.155714-000
Event Type: Audit Failure
User:

Computer Name: Brian-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys   
Record Number: 12047
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111201143522.280514-000
Event Type: Audit Failure
User:

Computer Name: Brian-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys   
Record Number: 12048
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111201143522.405314-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Brian at 2011-12-01 09:35:16
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 224 GB (75%) free of 297 GB
Total RAM: 1918 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:22 AM, on 12/1/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\RebateInformer\RebateInf.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\WINDOWS\System32\notepad.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\trend micro\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60609
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60609
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60609
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60609
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
R3 - URLSearchHook: (no name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Toolbar BHO - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~1\TOTALR~2\bar\1.bin\14bar.dll
O2 - BHO: Search Assistant BHO - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe"
O4 - HKLM\..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TotalRecipeSearchService (TotalRecipeSearch_14Service) - COMPANYVERS_NAME - C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8653 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.inbox.com/homepage.aspx?tbid=80469&lng=en"
prefs.js - "extensions.enabledItems" -  "inboxcomtoolbar@inbox.com:1.0.0.44, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4, {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.24, 14ffxtbr@TotalRecipeSearch_14.com:1.2, {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
prefs.js - "keyword.URL" -  "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm072YYus&ptb=D1247B9B-6970-4413-85A2-E1BF7BC9C572&psa=&ind=2011111215&ptnrS=YKxdm072YYus&si=49737xxxxximage&st=kwd&n=77df1f2f&searchfor="

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\
"14ffxtbr@TotalRecipeSearch_14.com"=C:\Program Files\TotalRecipeSearch_14\bar\1.bin


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin]
"Description"=TotalRecipeSearch Plugin
"Path"=C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
crawlersrch.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\
14ffxtbr@TotalRecipeSearch_14.com
appbar@alot.com
inboxcomtoolbar@inbox.com

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\searchplugins\
inbox-search.xml
TotalRecipeSearch_14.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}]
Toolbar BHO - C:\PROGRA~1\TOTALR~2\bar\1.bin\14bar.dll [2011-11-12 689552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}]
Search Assistant BHO - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [2011-11-12 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-04-11 856080]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-04-08 1215224]
{a0154e07-2b48-475c-a82a-80efd84ea33e} - TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2011-11-12 689552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
""= []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RegistryMechanic"= []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2011-09-26 385664]
"TotalRecipeSearch Search Scope Monitor"=C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe [2011-11-12 38440]
"TotalRecipeSearch_14 Browser Plugin Loader"=C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe [2011-11-12 30096]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-16 221184]
"RebateInformer"=C:\PROGRA~1\REBATE~1\REBATE~1.EXE [2011-11-15 1114112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2010-08-09 248832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"vidc.DIVX"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-12-01 09:35:16 ----D---- C:\rsit
2011-12-01 09:35:16 ----D---- C:\Program Files\trend micro
2011-12-01 08:18:12 ----A---- C:\Windows\system32\msshsq.dll
2011-11-24 08:57:35 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-11-24 08:57:35 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-11-24 08:57:31 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-11-24 08:57:31 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-11-24 08:57:30 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-11-24 08:57:06 ----A---- C:\Windows\avastSS.scr
2011-11-24 08:57:05 ----A---- C:\Windows\system32\aswBoot.exe
2011-11-24 08:56:42 ----D---- C:\ProgramData\AVAST Software
2011-11-24 08:56:42 ----D---- C:\Program Files\AVAST Software
2011-11-24 08:03:34 ----D---- C:\ProgramData\Sun
2011-11-24 08:03:34 ----D---- C:\Program Files\Common Files\Java
2011-11-24 08:02:46 ----A---- C:\Windows\system32\javaws.exe
2011-11-24 08:02:46 ----A---- C:\Windows\system32\javaw.exe
2011-11-24 08:02:46 ----A---- C:\Windows\system32\java.exe
2011-11-24 07:58:29 ----D---- C:\Program Files\Common Files\Adobe
2011-11-24 07:29:55 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-11-24 07:29:55 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-11-24 07:05:19 ----A---- C:\Windows\system32\msshooks.dll
2011-11-24 07:05:19 ----A---- C:\Windows\system32\msscb.dll
2011-11-24 07:05:18 ----A---- C:\Windows\system32\mssitlb.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\thawbrkr.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\srchadmin.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-11-24 07:05:17 ----A---- C:\Windows\system32\propsys.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\propdefs.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\msstrc.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\mssprxy.dll
2011-11-24 07:05:17 ----A---- C:\Windows\system32\korwbrkr.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\xmlfilter.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\wsepno.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\rtffilt.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\offfilt.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\nlhtml.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\msscntrs.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\mimefilt.dll
2011-11-24 07:05:16 ----A---- C:\Windows\system32\chsbrkr.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\tquery.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-11-24 07:05:15 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-11-24 07:05:15 ----A---- C:\Windows\system32\mssvp.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\mssrch.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\mssphtb.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\mssph.dll
2011-11-24 07:05:15 ----A---- C:\Windows\system32\chtbrkr.dll
2011-11-24 07:02:57 ----A---- C:\Windows\system32\psisdecd.dll
2011-11-24 06:59:11 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-11-24 06:59:11 ----A---- C:\Windows\system32\PresentationHost.exe
2011-11-24 06:59:11 ----A---- C:\Windows\system32\netfxperf.dll
2011-11-24 06:59:11 ----A---- C:\Windows\system32\mscoree.dll
2011-11-24 06:59:11 ----A---- C:\Windows\system32\dfshim.dll
2011-11-24 06:53:18 ----D---- C:\Windows\system32\WindowsPowerShell
2011-11-24 06:52:09 ----A---- C:\Windows\system32\winrsmgr.dll
2011-11-24 06:51:55 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-11-24 06:51:55 ----A---- C:\Windows\system32\winrshost.exe
2011-11-24 06:51:55 ----A---- C:\Windows\system32\winrs.exe
2011-11-24 06:51:54 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-11-24 06:51:54 ----A---- C:\Windows\system32\winrssrv.dll
2011-11-24 06:51:53 ----A---- C:\Windows\system32\WsmRes.dll
2011-11-24 06:51:53 ----A---- C:\Windows\system32\wevtfwd.dll
2011-11-24 06:51:53 ----A---- C:\Windows\system32\wecutil.exe
2011-11-24 06:51:53 ----A---- C:\Windows\system32\wecsvc.dll
2011-11-24 06:51:53 ----A---- C:\Windows\system32\wecapi.dll
2011-11-24 06:51:53 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-11-24 06:51:50 ----A---- C:\Windows\system32\winrm.vbs
2011-11-24 06:51:49 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-11-24 06:51:49 ----A---- C:\Windows\system32\WsmAuto.dll
2011-11-24 06:51:48 ----A---- C:\Windows\system32\WsmSvc.dll
2011-11-24 06:51:48 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-11-24 06:51:48 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-11-24 06:51:48 ----A---- C:\Windows\system32\winrscmd.dll
2011-11-24 06:49:08 ----A---- C:\Windows\system32\fontsub.dll
2011-11-24 06:49:08 ----A---- C:\Windows\system32\atmlib.dll
2011-11-24 06:49:08 ----A---- C:\Windows\system32\atmfd.dll
2011-11-24 06:49:07 ----A---- C:\Windows\system32\odbc32.dll
2011-11-24 06:49:05 ----A---- C:\Windows\system32\mshtml.dll
2011-11-24 06:49:04 ----A---- C:\Windows\system32\ieframe.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\wininet.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\urlmon.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\occache.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\mstime.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\mshtmled.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\msfeeds.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\iertutil.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\iepeers.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\iedkcs32.dll
2011-11-24 06:49:03 ----A---- C:\Windows\system32\ieaksie.dll
2011-11-24 06:49:02 ----A---- C:\Windows\system32\jsproxy.dll
2011-11-24 06:49:02 ----A---- C:\Windows\system32\ieUnatt.exe
2011-11-24 06:49:02 ----A---- C:\Windows\system32\ieencode.dll
2011-11-24 06:49:02 ----A---- C:\Windows\system32\ieapfltr.dll
2011-11-24 06:48:35 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-11-24 06:48:35 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-11-24 06:48:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-11-24 06:48:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-11-24 06:48:32 ----A---- C:\Windows\system32\ntdll.dll
2011-11-24 06:48:26 ----A---- C:\Windows\system32\mfc42u.dll
2011-11-24 06:48:26 ----A---- C:\Windows\system32\mfc42.dll
2011-11-24 06:48:25 ----A---- C:\Windows\system32\drivers\srv.sys
2011-11-24 06:48:23 ----A---- C:\Windows\system32\win32k.sys
2011-11-24 06:48:22 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-11-24 06:48:22 ----A---- C:\Windows\system32\dnsapi.dll
2011-11-24 06:48:21 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-11-24 06:48:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-11-24 06:48:20 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-11-24 06:48:20 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-11-24 06:48:19 ----A---- C:\Windows\system32\drivers\afd.sys
2011-11-24 06:48:16 ----A---- C:\Windows\system32\shsvcs.dll
2011-11-24 06:48:13 ----A---- C:\Windows\system32\sdclt.exe
2011-11-24 06:48:13 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-11-24 06:48:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-11-24 06:48:12 ----A---- C:\Windows\system32\vbscript.dll
2011-11-24 06:48:12 ----A---- C:\Windows\system32\jscript.dll
2011-11-24 06:48:11 ----A---- C:\Windows\system32\oleaut32.dll
2011-11-24 06:48:10 ----A---- C:\Windows\system32\sbeio.dll
2011-11-24 06:48:10 ----A---- C:\Windows\system32\sbe.dll
2011-11-24 06:48:10 ----A---- C:\Windows\system32\EncDec.dll
2011-11-24 06:48:08 ----A---- C:\Windows\system32\shell32.dll
2011-11-24 06:48:07 ----A---- C:\Windows\system32\shlwapi.dll
2011-11-24 06:48:07 ----A---- C:\Windows\system32\inetcomm.dll
2011-11-24 06:48:06 ----A---- C:\Windows\system32\kernel32.dll
2011-11-24 06:43:33 ----A---- C:\Windows\system32\winsrv.dll
2011-11-24 06:43:33 ----A---- C:\Windows\system32\csrsrv.dll
2011-11-24 06:41:04 ----A---- C:\Windows\system32\mstscax.dll
2011-11-24 06:41:03 ----A---- C:\Windows\system32\mstsc.exe
2011-11-24 06:41:01 ----A---- C:\Windows\system32\schannel.dll
2011-11-24 06:38:03 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2011-11-24 06:37:54 ----D---- C:\ProgramData\Malwarebytes
2011-11-24 06:37:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-24 06:37:51 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-11-13 14:45:50 ----D---- C:\ProgramData\Google
2011-11-13 14:45:50 ----D---- C:\Program Files\Google
2011-11-13 14:41:49 ----D---- C:\Program Files\FileHippo.com
2011-11-13 12:05:50 ----A---- C:\Windows\lexstat.ini
2011-11-13 11:59:44 ----A---- C:\Windows\uninst.exe
2011-11-13 11:59:31 ----RASH---- C:\MSDOS.SYS
2011-11-13 11:59:31 ----RASH---- C:\IO.SYS
2011-11-12 15:36:22 ----D---- C:\Program Files\TotalRecipeSearch_14
2011-11-12 15:36:11 ----D---- C:\Program Files\TotalRecipeSearch_14EI
2011-11-11 14:38:20 ----D---- C:\ProgramData\Electronic Arts
2011-11-11 14:06:53 ----D---- C:\Program Files\Microsoft WSE
2011-11-11 14:06:30 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-11 13:53:54 ----D---- C:\Program Files\Electronic Arts

======List of files/folders modified in the last 1 month======

2011-12-01 09:35:22 ----D---- C:\Windows\Prefetch
2011-12-01 09:35:21 ----D---- C:\Windows\TEMP
2011-12-01 09:35:16 ----RD---- C:\Program Files
2011-12-01 09:25:36 ----D---- C:\Windows\system32\drivers
2011-12-01 08:40:27 ----D---- C:\Windows\winsxs
2011-12-01 08:38:24 ----D---- C:\WINDOWS
2011-12-01 08:36:04 ----D---- C:\Windows\System32
2011-12-01 08:36:04 ----D---- C:\Windows\inf
2011-12-01 08:36:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-01 08:30:17 ----D---- C:\Windows\system32\catroot
2011-12-01 08:23:48 ----D---- C:\Windows\AppPatch
2011-12-01 08:21:52 ----SHD---- C:\System Volume Information
2011-12-01 08:18:56 ----D---- C:\Users\Brian\AppData\Roaming\PCPowerSpeed
2011-12-01 08:12:40 ----D---- C:\Windows\SoftwareDistribution
2011-12-01 08:11:46 ----D---- C:\Windows\twain_32
2011-12-01 08:10:22 ----D---- C:\Program Files\RebateInformer
2011-11-24 09:01:59 ----D---- C:\Windows\system32\WDI
2011-11-24 08:57:15 ----SHD---- C:\Windows\Installer
2011-11-24 08:57:07 ----D---- C:\Program Files\Windows Sidebar
2011-11-24 08:56:42 ----HD---- C:\ProgramData
2011-11-24 08:50:01 ----D---- C:\Program Files\Downloads
2011-11-24 08:09:09 ----SD---- C:\ProgramData\Microsoft
2011-11-24 08:06:41 ----D---- C:\Windows\Debug
2011-11-24 08:03:34 ----D---- C:\Program Files\Common Files
2011-11-24 08:02:27 ----A---- C:\Windows\system32\deployJava1.dll
2011-11-24 08:02:22 ----D---- C:\Program Files\Java
2011-11-24 07:58:33 ----D---- C:\ProgramData\Adobe
2011-11-24 07:58:29 ----D---- C:\Program Files\Adobe
2011-11-24 07:36:48 ----D---- C:\Windows\rescache
2011-11-24 07:33:05 ----D---- C:\Windows\Microsoft.NET
2011-11-24 07:32:44 ----RSD---- C:\Windows\assembly
2011-11-24 07:28:07 ----D---- C:\Windows\system32\catroot2
2011-11-24 07:16:39 ----D---- C:\Windows\system32\en-US
2011-11-24 07:16:39 ----D---- C:\Program Files\Windows Media Player
2011-11-24 07:16:39 ----D---- C:\Program Files\Windows Mail
2011-11-24 07:16:38 ----D---- C:\Program Files\Internet Explorer
2011-11-24 07:16:37 ----D---- C:\Windows\PolicyDefinitions
2011-11-24 07:16:37 ----D---- C:\Program Files\Movie Maker
2011-11-24 07:16:36 ----D---- C:\Windows\system32\wbem
2011-11-24 07:16:36 ----D---- C:\Windows\ehome
2011-11-24 07:16:34 ----RSD---- C:\Windows\Fonts
2011-11-24 06:30:11 ----AD---- C:\ProgramData\TEMP
2011-11-24 06:30:02 ----D---- C:\Program Files\SpywareBlaster
2011-11-13 14:46:37 ----D---- C:\Windows\Logs
2011-11-13 14:46:12 ----D---- C:\Program Files\CCleaner
2011-11-11 14:06:55 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
2011-11-11 13:53:52 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-10-26 110624]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 320856]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 693760]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2009-08-19 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 TotalRecipeSearch_14Service;TotalRecipeSearchService; C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe [2011-11-12 42504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]

-----------------EOF-----------------

 Results of screen317's Security Check version 0.99.28 
 Windows Vista Service Pack 1 x86 (UAC is disabled!) 
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 McAfee Security Scan Plus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 7 Update 1 
  Adobe Flash Player (   10.1.102.64) Flash Player out of Date! 
 Adobe Reader X (10.1.1)
 Mozilla Firefox ((3.6.3)) Firefox out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
``````````End of Log````````````

thanks,
Ghost
Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: 129 mywebsearch (malwarebytes)
« Reply #1 on: December 01, 2011, 02:06:59 PM »
Hi, Ghost.

I'm not surprised the system is running slow.  It also will need some serious updating, but let's wait for that.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: 129 mywebsearch (malwarebytes)
« Reply #2 on: December 01, 2011, 02:47:57 PM »
combobox ran but now i have no internet connection with ff or ie and my portable ff will not connect.
i get a popup saying something about "illegal operation and file is set to delete".
no windows recovery console was installed.

ComboFix 11-12-01.01 - Brian 12/01/2011  10:19:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.998 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\TotalRecipeSearch_14
c:\program files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14bar.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14html.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\program files\TotalRecipeSearch_14EI
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_TotalRecipeSearch_14Service
(((((((((((((((((((((((((   Files Created from 2011-11-01 to 2011-12-01  )))))))))))))))))))))))))))))))
2011-12-01 15:28 . 2011-12-01 15:28   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{987B6F1E-B1D1-4BE8-8127-2B63273DD544}\offreg.dll
2011-12-01 14:35 . 2011-12-01 14:35   --------   d-----w-   C:\rsit
2011-12-01 14:35 . 2011-12-01 14:35   --------   d-----w-   c:\program files\trend micro
2011-12-01 13:21 . 2011-10-18 06:28   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{987B6F1E-B1D1-4BE8-8127-2B63273DD544}\mpengine.dll
2011-12-01 13:18 . 2010-09-20 09:25   231936   ----a-w-   c:\windows\system32\msshsq.dll
2011-11-24 13:57 . 2011-09-06 21:37   320856   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-11-24 13:57 . 2011-09-06 21:36   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 13:57 . 2011-09-06 21:38   442200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-11-24 13:57 . 2011-09-06 21:36   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-11-24 13:57 . 2011-09-06 21:36   54616   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-11-24 13:57 . 2011-09-06 21:45   41184   ----a-w-   c:\windows\avastSS.scr
2011-11-24 13:57 . 2011-09-06 21:45   199304   ----a-w-   c:\windows\system32\aswBoot.exe
2011-11-24 13:56 . 2011-11-24 13:56   --------   d-----w-   c:\programdata\AVAST Software
2011-11-24 13:56 . 2011-11-24 13:56   --------   d-----w-   c:\program files\AVAST Software
2011-11-24 13:03 . 2011-11-24 13:03   --------   d-----w-   c:\program files\Common Files\Java
2011-11-24 13:02 . 2011-11-24 13:02   611224   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-24 12:58 . 2011-11-24 12:58   --------   d-----w-   c:\program files\Common Files\Adobe
2011-11-24 12:29 . 2011-03-03 14:56   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-11-24 12:29 . 2011-03-03 13:01   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-24 12:02 . 2010-04-14 17:46   80896   ----a-w-   c:\windows\system32\MSNP.ax
2011-11-24 12:02 . 2010-04-14 17:47   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2011-11-24 12:02 . 2010-04-14 17:47   217088   ----a-w-   c:\windows\system32\psisrndr.ax
2011-11-24 11:59 . 2009-11-08 15:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2011-11-24 11:59 . 2009-11-08 15:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2011-11-24 11:59 . 2009-11-08 15:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2011-11-24 11:59 . 2009-11-08 15:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2011-11-24 11:59 . 2009-11-08 15:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2011-11-24 11:52 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
2011-11-24 11:49 . 2011-02-16 15:29   34304   ----a-w-   c:\windows\system32\atmlib.dll
2011-11-24 11:48 . 2011-04-14 14:24   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
2011-11-24 11:43 . 2011-04-20 14:47   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-24 11:43 . 2011-04-20 14:44   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-11-24 11:41 . 2010-12-17 16:43   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-11-24 11:41 . 2010-12-17 15:06   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-11-24 11:41 . 2011-04-29 14:54   276992   ----a-w-   c:\windows\system32\schannel.dll
2011-11-24 11:38 . 2011-11-24 11:38   --------   d-----w-   c:\users\Brian\AppData\Roaming\Malwarebytes
2011-11-24 11:37 . 2011-11-24 11:37   --------   d-----w-   c:\programdata\Malwarebytes
2011-11-24 11:37 . 2011-11-24 11:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-11-24 11:37 . 2011-08-31 22:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-13 19:45 . 2011-11-13 19:45   --------   d-----w-   c:\program files\Google
2011-11-13 19:41 . 2011-11-13 19:41   --------   d-----w-   c:\program files\FileHippo.com
2011-11-13 17:27 . 2008-01-19 07:34   89600   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-11-13 16:59 . 1997-04-09 01:08   299520   ----a-w-   c:\windows\uninst.exe
2011-11-11 19:38 . 2011-11-11 19:38   --------   d-----w-   c:\programdata\Electronic Arts
2011-11-11 19:06 . 2011-11-11 19:06   --------   d-----w-   c:\program files\Microsoft WSE
2011-11-11 19:06 . 2006-09-28 21:05   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
2011-11-11 18:53 . 2011-11-11 19:36   --------   d-----w-   c:\program files\Electronic Arts

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-24 13:02 . 2011-01-09 21:35   544656   ----a-w-   c:\windows\system32\deployJava1.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCPowerSpeed"="c:\program files\PCPowerSpeed\PCPowerTray.exe" [2011-09-27 385664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 18:59   252136   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987767389-3598083916-4194163281-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSnx;aswSnx;

S1 aswSP;aswSP;

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 693760]



------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/?ilc=14
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80469&lng=en
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm072YYus&ptb=D1247B9B-6970-4413-85A2-E1BF7BC9C572&psa=&ind=2011111215&ptnrS=YKxdm072YYus&si=49737xxxxximage&st=kwd&n=77df1f2f&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: TotalRecipeSearch: 14ffxtbr@TotalRecipeSearch_14.com - %profile%\extensions\14ffxtbr@TotalRecipeSearch_14.com
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
FF - Ext: RebateInformer: {ED76C299-85BC-4891-9237-74A140C28832} - c:\program files\RebateInformer\Firefox

- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-TotalRecipeSearch Search Scope Monitor - c:\progra~1\TOTALR~2\bar\1.bin\14srchmn.exe
HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - c:\progra~1\TOTALR~2\bar\1.bin\14brmon.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 10:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

------------------------ Other Running Processes ------------------------

c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\RebateInformer\RebateInf.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

**************************************************************************

Completion time: 2011-12-01  10:34:57 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-01 15:34

Pre-Run: 234,486,075,392 bytes free
Post-Run: 233,998,155,776 bytes free

- - End Of File - - 89B8CAEA2130227872F9A1E39E9EE7CE


thanks,
Ghost

[Edit Note:  replaced double-space formatted log with single-space for readability. Corrine]
Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: 129 mywebsearch (malwarebytes)
« Reply #3 on: December 01, 2011, 05:13:17 PM »
Hi, Ghost.

Please post a copy of C:\Qoobox\ComboFix-quarantined-files.txt

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #4 on: December 01, 2011, 05:49:38 PM »
oops;-(
info.txt logfile of random's system information tool 1.09 2011-12-01 09:35:24

[Edited out duplicate log.  Corrine]

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #5 on: December 01, 2011, 06:07:14 PM »
ok, I finally did find the correct txt file......geez
2011-12-01 15:34:12 . 2011-12-01 15:34:12              896 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-avgnt.reg.dat

2011-12-01 15:34:03 . 2011-12-01 15:34:03              176 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader.reg.dat

2011-12-01 15:34:03 . 2011-12-01 15:34:03              284 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TotalRecipeSearch Search Scope Monitor.reg.dat

2011-12-01 15:34:03 . 2011-12-01 15:34:03              103 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-RegistryMechanic.reg.dat

2011-12-01 15:24:36 . 2011-12-01 15:24:36            1,140 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_TotalRecipeSearch_14Service.reg.dat

2011-12-01 15:24:24 . 2011-12-01 15:24:24            4,831 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-12-01 15:18:00 . 2011-12-01 15:19:59               62 ----a-w-  C:\Qoobox\Quarantine\catchme.log

2011-11-12 20:36:23 . 2011-11-12 20:36:23               24 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\Settings\s_pid.dat.vir

2011-11-12 20:36:23 . 2011-11-12 20:36:23          447,767 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S.vir

2011-11-12 20:36:23 . 2011-11-12 20:36:23           18,793 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\Message\COMMON.T8S.vir

2011-11-12 20:36:23 . 2011-11-12 20:36:23           27,204 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           38,440 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          165,408 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,384 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           95,736 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14html.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          161,272 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           83,456 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           34,192 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14idle.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,384 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           24,695 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           22,048 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14medint.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           46,480 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          161,288 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14msg.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           62,864 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          124,304 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14radio.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,512 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,528 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14reghk.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,512 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           46,480 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14script.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          128,512 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14skin.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           30,216 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           62,864 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          165,832 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           30,224 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22          689,552 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           42,504 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           30,096 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           34,192 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           99,840 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14datact.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           50,704 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           54,672 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           22,048 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14highin.exe.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           34,344 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22              265 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22              937 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           10,054 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP.vir

2011-11-12 20:36:22 . 2011-11-12 20:36:22           30,664 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll.vir

2007-03-20 14:01:56 . 2007-03-20 14:01:55          122,938 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\HPCPCUninstaller-6.3.2.139-6811507.exe.vir
thanks,
Ghost

Offline Corrine

Re: 129 mywebsearch (malwarebytes)
« Reply #6 on: December 01, 2011, 09:48:15 PM »
Hi, Ghost.

There's nothing in the ComboFix Quarantine Log that would cause a problem with the Internet Connection.  Note from Microsoft KB 952876:

Quote
When a computer that is running Windows Vista or Windows Server 2008 is under high stress, the TCP/IP Registry Compatibility (Tcpipreg) service may stop responding. Or, a malfunction may occur in the service.

Based on what you told me separately about Avast and File Hippo popping up multiple times, that added "stress" may be the reason for the problem.   A shutdown/restart may solve the problem.   If not, give the following a try:

Please copy/paste the lines in bold below to Notepad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop and transfer it to the other computer.
Double-click flush.bat file to run it. Your computer will reboot.

Note:  For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".

If that doesn't work, ComboFix creates a restore point prior to running.  You could try restoring to that or an earlier point.

Let me know how that goes and then we can proceed with the rest of the clean-up.

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #7 on: December 01, 2011, 10:29:49 PM »
hi Corrine,
I rebooted and all is working.
I'm ready to proceed;-).
Ghost

Offline Corrine

Re: 129 mywebsearch (malwarebytes)
« Reply #8 on: December 02, 2011, 12:27:27 AM »
Hi, Ghost.  That's good news.

As I understand you were only helping a friend install a printer and realized there were problems with the computer, you will probably want to check with that person before removing/updating programs.

I strongly recommend uninstalling the following:

1)  Registry Mechanic -- I could provide my standard "lecture" about registry cleaners but will just leave it that such tools tend to do more damage than good. 

2)  Crawler Toolbar -- MBAM Professional blocks access to the website.  McAfee has this information:  http://vil.mcafeesecurity.com/vil/content/v_137764.htm

3)  PC Power Speed 1.0.0.0 -- also from Crawler.com.  Since the site is blocked and most of what I'm finding is requests for help in removing it, I recommend it also be uninstalled.

4) Rebate Informer -- listed in hpHOSTS file and from indications at WOT, caution is needed as it has been identified as a site that might spread malware or spam your computer. 

Please also pass along the advice that FileHippo.com Update Checker is not a security tool and caution needs to be used when downloading the presented files because Beta programs are also included.  Secunia Personal Software Inspector only provides information about security updates rather than version updates.

Uninstall the following:

1)  jv16 PowerTools 1.3 (another registry cleaner) as it is not compatible with Windows Vista. 
2)  McAfee Security Scan Plus, an unnecessary inclusion with Adobe updates.

Please let me know in your next reply which programs have been uninstalled and provide a fresh RSIT log.
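
One way to check a fresh RSIT log for leftovers of the programs in the uninstall lists above, added here as an example and not part of the original thread or of RSIT itself. The sample log lines are constructed in RSIT's registry-dump format; reading an empty `[]` as "file no longer on disk" and matching 8.3 short folder names by their leading characters are assumptions of this example.

```python
import re

# Programs named in the uninstall recommendations above, keyed by a
# normalised form (lower-case, whitespace removed) used for matching.
FLAGGED = {
    "registrymechanic": "Registry Mechanic",
    "crawler": "Crawler Toolbar",
    "pcpowerspeed": "PC Power Speed",
    "rebateinformer": "Rebate Informer",
    "jv16": "jv16 PowerTools",
    "mcafeesecurityscan": "McAfee Security Scan Plus",
}

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Value line: optional "name"=, then a path, then [date size] or [].
ENTRY = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
SHORT_NAME = re.compile(r"^([^~]{4,6})~\d+")

# Constructed sample in RSIT registry-dump format (not copied output).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2011-09-27 385664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"""


def match_program(text):
    """Return the flagged program a registry key or path refers to, or None."""
    norm = re.sub(r"\s+", "", text).lower()
    for needle, label in FLAGGED.items():
        if needle in norm:
            return label
    # 8.3 short names (REBATE~1) hide the long folder name, so compare the
    # surviving prefix with the flagged names (heuristic, an assumption).
    for part in re.split(r"[\\/]", text):
        m = SHORT_NAME.match(part)
        if m:
            prefix = m.group(1).lower()
            for needle, label in FLAGGED.items():
                if needle.startswith(prefix):
                    return label
    return None


def triage(log_text):
    """List autostart entries that name a flagged program or lack a file."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION.match(line)
        if sec:
            section = sec.group("key")
            continue
        ent = ENTRY.match(line)
        if not ent:
            continue  # plain values such as "EnableLUA"=0 carry no file
        name = ent.group("name") or ""
        path = ent.group("path")
        program = match_program("\\".join((section, name, path)))
        # Assumption: RSIT prints [] when it finds no file behind the entry.
        file_missing = ent.group("meta").strip() == ""
        if program or file_missing:
            findings.append({
                "section": section,
                "name": name,
                "path": path,
                "program": program,
                "file_missing": file_missing,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "orphaned entry" if f["file_missing"] else "still installed"
        print(f'{f["program"] or "unknown"}: {state}: {f["section"]}')
```

An entry reported as "still installed" means the uninstall did not take; an "orphaned entry" is a registry remnant whose file is already gone.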

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #9 on: December 02, 2011, 12:54:59 AM »
hi Corrine,
I've uninstalled crawler toolbar, pc power speed 1.0.0.0, rebate informer, mcafee security scan, reg mech, and jv16 power tools.
here is the log you requested:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Brian at 2011-12-01 20:47:50
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 264 GB (89%) free of 297 GB
Total RAM: 1918 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:58 PM, on 12/1/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\trend micro\Brian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4790 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.inbox.com/homepage.aspx?tbid=80469&lng=en"
prefs.js - "extensions.enabledItems" -  "inboxcomtoolbar@inbox.com:1.0.0.44, 14ffxtbr@TotalRecipeSearch_14.com:1.2, {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" -  "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80469&language=en&qkw="

"14ffxtbr@TotalRecipeSearch_14.com"=C:\Program Files\TotalRecipeSearch_14\bar\1.bin


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin]
"Description"=TotalRecipeSearch Plugin
"Path"=C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
crawlersrch.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\
14ffxtbr@TotalRecipeSearch_14.com
appbar@alot.com
inboxcomtoolbar@inbox.com

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\searchplugins\
inbox-search.xml
TotalRecipeSearch_14.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-27 441408]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-04-11 856080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-16 221184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
C:\Program Files\FileHippo.com\UpdateChecker.exe [2010-08-09 248832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPowerSpeed]
C:\Program Files\PCPowerSpeed\PCPowerTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"vidc.DIVX"=DivX.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-01 18:09:48 ----D---- C:\Windows\system32\vi-VN
2011-12-01 18:09:48 ----D---- C:\Windows\system32\eu-ES
2011-12-01 18:09:48 ----D---- C:\Windows\system32\ca-ES
2011-12-01 17:55:57 ----D---- C:\Windows\system32\EventProviders
2011-12-01 10:34:59 ----D---- C:\Windows\temp
2011-12-01 10:34:58 ----A---- C:\ComboFix.txt
2011-12-01 10:29:09 ----D---- C:\$RECYCLE.BIN
2011-12-01 10:18:04 ----A---- C:\Windows\zip.exe
2011-12-01 10:18:04 ----A---- C:\Windows\SWSC.exe
2011-12-01 10:18:04 ----A---- C:\Windows\SWREG.exe
2011-12-01 10:18:04 ----A---- C:\Windows\sed.exe
2011-12-01 10:18:04 ----A---- C:\Windows\PEV.exe
2011-12-01 10:18:04 ----A---- C:\Windows\NIRCMD.exe
2011-12-01 10:18:04 ----A---- C:\Windows\MBR.exe
2011-12-01 10:18:04 ----A---- C:\Windows\grep.exe
2011-12-01 10:17:59 ----D---- C:\Windows\ERDNT
2011-12-01 10:17:59 ----D---- C:\ComboFix
2011-12-01 10:17:56 ----D---- C:\Qoobox
2011-12-01 09:35:16 ----D---- C:\rsit
2011-12-01 09:35:16 ----D---- C:\Program Files\trend micro
2011-11-24 08:57:35 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-11-24 08:57:35 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-11-24 08:57:31 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-11-24 08:57:31 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-11-24 08:57:30 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-11-24 08:57:06 ----A---- C:\Windows\avastSS.scr
2011-11-24 08:57:05 ----A---- C:\Windows\system32\aswBoot.exe
2011-11-24 08:56:42 ----D---- C:\ProgramData\AVAST Software
2011-11-24 08:56:42 ----D---- C:\Program Files\AVAST Software
2011-11-24 08:03:34 ----D---- C:\ProgramData\Sun
2011-11-24 08:03:34 ----D---- C:\Program Files\Common Files\Java
2011-11-24 08:02:46 ----A---- C:\Windows\system32\javaws.exe
2011-11-24 08:02:46 ----A---- C:\Windows\system32\javaw.exe
2011-11-24 08:02:46 ----A---- C:\Windows\system32\java.exe
2011-11-24 07:58:29 ----D---- C:\Program Files\Common Files\Adobe
2011-11-24 07:29:55 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-11-24 07:29:55 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-11-24 07:07:48 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2011-11-24 07:07:44 ----A---- C:\Windows\system32\SLsvc.exe
2011-11-24 07:07:44 ----A---- C:\Windows\system32\SLCExt.dll
2011-11-24 07:07:42 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2011-11-24 07:07:42 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2011-11-24 07:07:39 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2011-11-24 07:07:37 ----A---- C:\Windows\system32\mssrch.dll
2011-11-24 07:07:36 ----A---- C:\Windows\system32\drivers\spsys.sys
2011-11-24 07:07:35 ----A---- C:\Windows\system32\tquery.dll
2011-11-24 07:07:34 ----A---- C:\Windows\system32\scavenge.dll
2011-11-24 07:07:34 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2011-11-24 07:07:34 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2011-11-24 07:07:33 ----A---- C:\Windows\system32\msi.dll
2011-11-24 07:07:32 ----A---- C:\Windows\system32\imapi2fs.dll
2011-11-24 07:07:31 ----A---- C:\Windows\system32\WscEapPr.dll
2011-11-24 07:07:31 ----A---- C:\Windows\system32\wcnwiz2.dll
2011-11-24 07:07:31 ----A---- C:\Windows\system32\sysmain.dll
2011-11-24 07:07:30 ----A---- C:\Windows\system32\icardagt.exe
2011-11-24 07:07:29 ----A---- C:\Windows\system32\spreview.exe
2011-11-24 07:07:29 ----A---- C:\Windows\system32\EhStorShell.dll
2011-11-24 07:07:29 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2011-11-24 07:07:28 ----A---- C:\Windows\system32\spwizui.dll
2011-11-24 07:07:28 ----A---- C:\Windows\system32\spinstall.exe
2011-11-24 07:07:28 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2011-11-24 07:07:28 ----A---- C:\Windows\system32\drmv2clt.dll
2011-11-24 07:07:27 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-11-24 07:07:27 ----A---- C:\Windows\system32\p2psvc.dll
2011-11-24 07:07:26 ----A---- C:\Windows\system32\mssvp.dll
2011-11-24 07:07:25 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2011-11-24 07:07:24 ----A---- C:\Windows\system32\mssphtb.dll
2011-11-24 07:07:24 ----A---- C:\Windows\system32\mssph.dll
2011-11-24 07:07:24 ----A---- C:\Windows\system32\imapi2.dll
2011-11-24 07:07:23 ----A---- C:\Windows\system32\sdohlp.dll
2011-11-24 07:07:23 ----A---- C:\Windows\system32\esent.dll
2011-11-24 07:07:22 ----A---- C:\Windows\system32\IMJP10K.DLL
2011-11-24 07:07:22 ----A---- C:\Windows\system32\DevicePairing.dll
2011-11-24 07:07:21 ----A---- C:\Windows\system32\wevtsvc.dll
2011-11-24 07:07:21 ----A---- C:\Windows\system32\sperror.dll
2011-11-24 07:07:21 ----A---- C:\Windows\system32\korwbrkr.dll
2011-11-24 07:07:21 ----A---- C:\Windows\system32\IasMigReader.exe
2011-11-24 07:07:20 ----A---- C:\Windows\system32\SLC.dll
2011-11-24 07:07:20 ----A---- C:\Windows\system32\msshsq.dll
2011-11-24 07:07:19 ----A---- C:\Windows\system32\msjet40.dll
2011-11-24 07:07:19 ----A---- C:\Windows\system32\MPSSVC.dll
2011-11-24 07:07:18 ----A---- C:\Windows\system32\Query.dll
2011-11-24 07:07:18 ----A---- C:\Windows\system32\qmgr.dll
2011-11-24 07:07:17 ----A---- C:\Windows\system32\srchadmin.dll
2011-11-24 07:07:17 ----A---- C:\Windows\system32\P2PGraph.dll
2011-11-24 07:07:17 ----A---- C:\Windows\system32\msexch40.dll
2011-11-24 07:07:17 ----A---- C:\Windows\system32\diagperf.dll
2011-11-24 07:07:16 ----A---- C:\Windows\system32\winload.exe
2011-11-24 07:07:16 ----A---- C:\Windows\system32\uDWM.dll
2011-11-24 07:07:16 ----A---- C:\Windows\system32\mmc.exe
2011-11-24 07:07:16 ----A---- C:\Windows\system32\mblctr.exe
2011-11-24 07:07:15 ----A---- C:\Windows\system32\riched20.dll
2011-11-24 07:07:15 ----A---- C:\Windows\system32\IasMigPlugin.dll
2011-11-24 07:07:15 ----A---- C:\Windows\system32\dfsr.exe
2011-11-24 07:07:14 ----A---- C:\Windows\system32\RacEngn.dll
2011-11-24 07:07:14 ----A---- C:\Windows\system32\fdBth.dll
2011-11-24 07:07:13 ----A---- C:\Windows\system32\spoolss.dll
2011-11-24 07:07:13 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-11-24 07:07:13 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-11-24 07:07:13 ----A---- C:\Windows\system32\milcore.dll
2011-11-24 07:07:13 ----A---- C:\Windows\system32\EhStorAPI.dll
2011-11-24 07:07:13 ----A---- C:\Windows\system32\CertEnroll.dll
2011-11-24 07:07:12 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2011-11-24 07:07:12 ----A---- C:\Windows\system32\msvcp60.dll
2011-11-24 07:07:12 ----A---- C:\Windows\system32\msjtes40.dll
2011-11-24 07:07:12 ----A---- C:\Windows\system32\gpedit.dll
2011-11-24 07:07:12 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2011-11-24 07:07:11 ----A---- C:\Windows\system32\WinSAT.exe
2011-11-24 07:07:11 ----A---- C:\Windows\system32\infocardapi.dll
2011-11-24 07:07:10 ----A---- C:\Windows\system32\PresentationSettings.exe
2011-11-24 07:07:10 ----A---- C:\Windows\system32\es.dll
2011-11-24 07:07:09 ----A---- C:\Windows\system32\mstext40.dll
2011-11-24 07:07:09 ----A---- C:\Windows\system32\Magnify.exe
2011-11-24 07:07:09 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2011-11-24 07:07:09 ----A---- C:\Windows\system32\advapi32.dll
2011-11-24 07:07:08 ----A---- C:\Windows\system32\WebClnt.dll
2011-11-24 07:07:08 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-11-24 07:07:07 ----A---- C:\Windows\system32\WMPhoto.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\vssapi.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\slwmi.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\msxbde40.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\msexcl40.dll
2011-11-24 07:07:07 ----A---- C:\Windows\system32\comsvcs.dll
2011-11-24 07:07:06 ----A---- C:\Windows\system32\NetProjW.dll
2011-11-24 07:07:06 ----A---- C:\Windows\system32\authui.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\propsys.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\newdev.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\msrepl40.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\iedkcs32.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\iasrecst.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\gpsvc.dll
2011-11-24 07:07:05 ----A---- C:\Windows\system32\eudcedit.exe
2011-11-24 07:07:05 ----A---- C:\Windows\system32\crypt32.dll
2011-11-24 07:07:05 ----A---- C:\Windows\explorer.exe
2011-11-24 07:07:04 ----A---- C:\Windows\system32\setupapi.dll
2011-11-24 07:07:04 ----A---- C:\Windows\system32\rpcss.dll
2011-11-24 07:07:04 ----A---- C:\Windows\system32\mspbde40.dll
2011-11-24 07:07:03 ----A---- C:\Windows\system32\davclnt.dll
2011-11-24 07:07:03 ----A---- C:\Windows\system32\d3d9.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\wevtapi.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\msrd3x40.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\msltus40.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\msdtctm.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\EhStorAuthn.dll
2011-11-24 07:07:02 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-11-24 07:07:02 ----A---- C:\Windows\system32\browseui.dll
2011-11-24 07:07:01 ----A---- C:\Windows\system32\user32.dll
2011-11-24 07:07:01 ----A---- C:\Windows\system32\samsrv.dll
2011-11-24 07:07:01 ----A---- C:\Windows\system32\photowiz.dll
2011-11-24 07:07:01 ----A---- C:\Windows\system32\nlhtml.dll
2011-11-24 07:07:01 ----A---- C:\Windows\system32\ci.dll
2011-11-24 07:07:00 ----A---- C:\Windows\system32\win32spl.dll
2011-11-24 07:07:00 ----A---- C:\Windows\system32\WcnNetsh.dll
2011-11-24 07:07:00 ----A---- C:\Windows\system32\SLCommDlg.dll
2011-11-24 07:07:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-11-24 07:07:00 ----A---- C:\Windows\system32\netshell.dll
2011-11-24 07:07:00 ----A---- C:\Windows\system32\IKEEXT.DLL
2011-11-24 07:06:59 ----A---- C:\Windows\system32\drivers\rdbss.sys
2011-11-24 07:06:59 ----A---- C:\Windows\system32\compcln.exe
2011-11-24 07:06:59 ----A---- C:\Windows\system32\apds.dll
2011-11-24 07:06:58 ----A---- C:\Windows\system32\mswstr10.dll
2011-11-24 07:06:58 ----A---- C:\Windows\system32\audiosrv.dll
2011-11-24 07:06:57 ----A---- C:\Windows\system32\xmlfilter.dll
2011-11-24 07:06:57 ----A---- C:\Windows\system32\msctf.dll
2011-11-24 07:06:57 ----A---- C:\Windows\system32\emdmgmt.dll
2011-11-24 07:06:56 ----A---- C:\Windows\system32\QAGENTRT.DLL
2011-11-24 07:06:56 ----A---- C:\Windows\system32\msvcrt.dll
2011-11-24 07:06:56 ----A---- C:\Windows\system32\gdi32.dll
2011-11-24 07:06:56 ----A---- C:\Windows\system32\drivers\netio.sys
2011-11-24 07:06:56 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2011-11-24 07:06:55 ----A---- C:\Windows\system32\VSSVC.exe
2011-11-24 07:06:55 ----A---- C:\Windows\system32\SLUI.exe
2011-11-24 07:06:54 ----A---- C:\Windows\system32\sqlsrv32.dll
2011-11-24 07:06:54 ----A---- C:\Windows\system32\msrd2x40.dll
2011-11-24 07:06:54 ----A---- C:\Windows\system32\eapphost.dll
2011-11-24 07:06:54 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-11-24 07:06:53 ----A---- C:\Windows\system32\winresume.exe
2011-11-24 07:06:53 ----A---- C:\Windows\system32\propdefs.dll
2011-11-24 07:06:52 ----A---- C:\Windows\system32\shdocvw.dll
2011-11-24 07:06:52 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-11-24 07:06:51 ----A---- C:\Windows\system32\wevtutil.exe
2011-11-24 07:06:51 ----A---- C:\Windows\system32\mssitlb.dll
2011-11-24 07:06:51 ----A---- C:\Windows\system32\dbgeng.dll
2011-11-24 07:06:49 ----A---- C:\Windows\system32\swprv.dll
2011-11-24 07:06:49 ----A---- C:\Windows\system32\mmcndmgr.dll
2011-11-24 07:06:47 ----A---- C:\Windows\system32\vds.exe
2011-11-24 07:06:47 ----A---- C:\Windows\system32\drvinst.exe
2011-11-24 07:06:47 ----A---- C:\Windows\system32\devmgr.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\netlogon.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\msscb.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\msctfp.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\fdBthProxy.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2011-11-24 07:06:46 ----A---- C:\Windows\system32\BFE.DLL
2011-11-24 07:06:46 ----A---- C:\Windows\system32\adsldpc.dll
2011-11-24 07:06:45 ----A---- C:\Windows\system32\wcnwiz.dll
2011-11-24 07:06:45 ----A---- C:\Windows\system32\evr.dll
2011-11-24 07:06:44 ----A---- C:\Windows\system32\WMVSDECD.DLL
2011-11-24 07:06:44 ----A---- C:\Windows\system32\Wldap32.dll
2011-11-24 07:06:44 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-11-24 07:06:44 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\wercon.exe
2011-11-24 07:06:43 ----A---- C:\Windows\system32\wcncsvc.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\services.exe
2011-11-24 07:06:43 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\mimefilt.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2011-11-24 07:06:43 ----A---- C:\Windows\system32\comdlg32.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\certcli.dll
2011-11-24 07:06:43 ----A---- C:\Windows\system32\adtschema.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\WMNetMgr.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\rtffilt.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\reg.exe
2011-11-24 07:06:42 ----A---- C:\Windows\system32\mswdat10.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\msjter40.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\msdtcprx.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\ipsmsnap.dll
2011-11-24 07:06:42 ----A---- C:\Windows\system32\certutil.exe
2011-11-24 07:06:41 ----A---- C:\Windows\system32\w32time.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\rsaenh.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\PhotoScreensaver.scr
2011-11-24 07:06:41 ----A---- C:\Windows\system32\msshooks.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\msscntrs.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\msihnd.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\IPSECSVC.DLL
2011-11-24 07:06:41 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-11-24 07:06:41 ----A---- C:\Windows\system32\drivers\ndis.sys
2011-11-24 07:06:41 ----A---- C:\Windows\system32\bthserv.dll
2011-11-24 07:06:41 ----A---- C:\Windows\system32\bcrypt.dll
2011-11-24 07:06:40 ----A---- C:\Windows\system32\TsWpfWrp.exe
2011-11-24 07:06:40 ----A---- C:\Windows\system32\netapi32.dll
2011-11-24 07:06:40 ----A---- C:\Windows\system32\msstrc.dll
2011-11-24 07:06:40 ----A---- C:\Windows\system32\MMDevAPI.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\mtxclu.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\mscories.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\inetpp.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\hidserv.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\fundisc.dll
2011-11-24 07:06:39 ----A---- C:\Windows\system32\cryptsvc.dll
2011-11-24 07:06:38 ----A---- C:\Windows\system32\termsrv.dll
2011-11-24 07:06:38 ----A---- C:\Windows\system32\profsvc.dll
2011-11-24 07:06:38 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2011-11-24 07:06:36 ----A---- C:\Windows\system32\wdc.dll
2011-11-24 07:06:36 ----A---- C:\Windows\system32\msiexec.exe
2011-11-24 07:06:36 ----A---- C:\Windows\system32\imapi.dll
2011-11-24 07:06:36 ----A---- C:\Windows\system32\drivers\pci.sys
2011-11-24 07:06:36 ----A---- C:\Windows\system32\drivers\Classpnp.sys
2011-11-24 07:06:36 ----A---- C:\Windows\system32\chsbrkr.dll
2011-11-24 07:06:34 ----A---- C:\Windows\system32\rasmans.dll
2011-11-24 07:06:34 ----A---- C:\Windows\system32\pnidui.dll
2011-11-24 07:06:34 ----A---- C:\Windows\system32\icardres.dll
2011-11-24 07:06:34 ----A---- C:\Windows\system32\iassdo.dll
2011-11-24 07:06:34 ----A---- C:\Windows\system32\drivers\termdd.sys
2011-11-24 07:06:34 ----A---- C:\Windows\system32\autofmt.exe
2011-11-24 07:06:33 ----A---- C:\Windows\system32\wersvc.dll
2011-11-24 07:06:33 ----A---- C:\Windows\system32\slmgr.vbs
2011-11-24 07:06:33 ----A---- C:\Windows\system32\scrrun.dll
2011-11-24 07:06:33 ----A---- C:\Windows\system32\PSHED.DLL
2011-11-24 07:06:33 ----A---- C:\Windows\system32\pdh.dll
2011-11-24 07:06:33 ----A---- C:\Windows\system32\drivers\Storport.sys
2011-11-24 07:06:33 ----A---- C:\Windows\system32\drivers\crashdmp.sys
2011-11-24 07:06:33 ----A---- C:\Windows\system32\drivers\ataport.sys
2011-11-24 07:06:33 ----A---- C:\Windows\system32\drivers\acpi.sys
2011-11-24 07:06:33 ----A---- C:\Windows\system32\dhcpcsvc.dll
2011-11-24 07:06:33 ----A---- C:\Windows\system32\clfs.sys
2011-11-24 07:06:33 ----A---- C:\Windows\system32\azroles.dll
2011-11-24 07:06:32 ----A---- C:\Windows\system32\pidgenx.dll
2011-11-24 07:06:32 ----A---- C:\Windows\system32\drivers\partmgr.sys
2011-11-24 07:06:32 ----A---- C:\Windows\system32\CertEnrollUI.dll
2011-11-24 07:06:31 ----A---- C:\Windows\system32\winlogon.exe
2011-11-24 07:06:31 ----A---- C:\Windows\system32\SyncCenter.dll
2011-11-24 07:06:30 ----A---- C:\Windows\system32\SLUINotify.dll
2011-11-24 07:06:30 ----A---- C:\Windows\system32\msjetoledb40.dll
2011-11-24 07:06:30 ----A---- C:\Windows\system32\drivers\mup.sys
2011-11-24 07:06:30 ----A---- C:\Windows\system32\comuid.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\wisptis.exe
2011-11-24 07:06:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\untfs.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\spp.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\sethc.exe
2011-11-24 07:06:29 ----A---- C:\Windows\system32\scrobj.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\ncrypt.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\kd1394.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\iassam.dll
2011-11-24 07:06:29 ----A---- C:\Windows\system32\drivers\disk.sys
2011-11-24 07:06:29 ----A---- C:\Windows\system32\certmgr.dll
2011-11-24 07:06:28 ----A---- C:\Windows\system32\printui.dll
2011-11-24 07:06:28 ----A---- C:\Windows\system32\iasnap.dll
2011-11-24 07:06:28 ----A---- C:\Windows\system32\dwm.exe
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\volsnap.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\volmgrx.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\pciidex.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\pciide.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\msrpc.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\fltMgr.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\drivers\ecache.sys
2011-11-24 07:06:28 ----A---- C:\Windows\system32\autoconv.exe
2011-11-24 07:06:28 ----A---- C:\Windows\system32\autochk.exe
2011-11-24 07:06:27 ----A---- C:\Windows\system32\wow32.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\userenv.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\osk.exe
2011-11-24 07:06:27 ----A---- C:\Windows\system32\onex.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\mswsock.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\kdcom.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\drivers\Dumpata.sys
2011-11-24 07:06:27 ----A---- C:\Windows\system32\cscript.exe
2011-11-24 07:06:27 ----A---- C:\Windows\system32\basecsp.dll
2011-11-24 07:06:27 ----A---- C:\Windows\system32\audiodg.exe
2011-11-24 07:06:26 ----A---- C:\Windows\system32\winmm.dll
2011-11-24 07:06:26 ----A---- C:\Windows\system32\spcmsg.dll
2011-11-24 07:06:26 ----A---- C:\Windows\system32\RelMon.dll
2011-11-24 07:06:26 ----A---- C:\Windows\system32\kdusb.dll
2011-11-24 07:06:26 ----A---- C:\Windows\system32\drivers\netbt.sys
2011-11-24 07:06:26 ----A---- C:\Windows\system32\drivers\atapi.sys
2011-11-24 07:06:25 ----A---- C:\Windows\system32\WinSCard.dll
2011-11-24 07:06:25 ----A---- C:\Windows\system32\WerFaultSecure.exe
2011-11-24 07:06:25 ----A---- C:\Windows\system32\rdpencom.dll
2011-11-24 07:06:25 ----A---- C:\Windows\system32\offfilt.dll
2011-11-24 07:06:25 ----A---- C:\Windows\system32\msftedit.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\wsepno.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\wiaservc.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\WerFault.exe
2011-11-24 07:06:24 ----A---- C:\Windows\system32\Utilman.exe
2011-11-24 07:06:24 ----A---- C:\Windows\system32\sysclass.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\stobject.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\SndVol.exe
2011-11-24 07:06:24 ----A---- C:\Windows\system32\prnntfy.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\odbccp32.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\msnetobj.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\mscms.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\mfplat.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\mcmde.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\diskraid.exe
2011-11-24 07:06:24 ----A---- C:\Windows\system32\apphelp.dll
2011-11-24 07:06:24 ----A---- C:\Windows\system32\adsmsext.dll
2011-11-24 07:06:23 ----A---- C:\Windows\system32\wscript.exe
2011-11-24 07:06:23 ----A---- C:\Windows\system32\ulib.dll
2011-11-24 07:06:23 ----A---- C:\Windows\system32\iasdatastore.dll
2011-11-24 07:06:23 ----A---- C:\Windows\system32\dsound.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\wscsvc.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\wscntfy.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\WMVENCOD.DLL
2011-11-24 07:06:22 ----A---- C:\Windows\system32\wlangpui.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\vdsdyn.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\rastapi.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\pnpsetup.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\logman.exe
2011-11-24 07:06:22 ----A---- C:\Windows\system32\ipsecsnp.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2011-11-24 07:06:22 ----A---- C:\Windows\system32\iashlpr.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\gpapi.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\fdProxy.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\diskpart.exe
2011-11-24 07:06:22 ----A---- C:\Windows\system32\cryptui.dll
2011-11-24 07:06:22 ----A---- C:\Windows\system32\brcpl.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\zipfldr.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\wusa.exe
2011-11-24 07:06:21 ----A---- C:\Windows\system32\wshext.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\wpccpl.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\regsvc.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\rasapi32.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\ntprint.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\netcenter.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\mscorier.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\iasrad.dll
2011-11-24 07:06:21 ----A---- C:\Windows\system32\findstr.exe
2011-11-24 07:06:20 ----A---- C:\Windows\system32\wsnmp32.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\wer.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\webcheck.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\themecpl.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\rasdlg.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\iassvcs.dll
2011-11-24 07:06:20 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-11-24 07:06:19 ----A---- C:\Windows\system32\uxsms.dll
2011-11-24 07:06:19 ----A---- C:\Windows\system32\scansetting.dll
2011-11-24 07:06:19 ----A---- C:\Windows\system32\ntmarta.dll
2011-11-24 07:06:19 ----A---- C:\Windows\system32\msutb.dll
2011-11-24 07:06:19 ----A---- C:\Windows\system32\mssprxy.dll
2011-11-24 07:06:19 ----A---- C:\Windows\system32\iasads.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\slcc.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\powrprof.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\networkmap.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\mstlsapi.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\iasacct.dll
2011-11-24 07:06:18 ----A---- C:\Windows\system32\drivers\ks.sys
2011-11-24 07:06:17 ----A---- C:\Windows\system32\powercpl.dll
2011-11-24 07:06:17 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2011-11-24 07:06:17 ----A---- C:\Windows\system32\authz.dll
2011-11-24 07:06:16 ----A---- C:\Windows\system32\systemcpl.dll
2011-11-24 07:06:16 ----A---- C:\Windows\system32\sud.dll
2011-11-24 07:06:16 ----A---- C:\Windows\system32\pcaui.dll
2011-11-24 07:06:16 ----A---- C:\Windows\system32\newdev.exe
2011-11-24 07:06:16 ----A---- C:\Windows\system32\drivers\kbdhid.sys
2011-11-24 07:06:16 ----A---- C:\Windows\system32\dot3svc.dll
2011-11-24 07:06:16 ----A---- C:\Windows\system32\connect.dll
2011-11-24 07:06:15 ----A---- C:\Windows\system32\themeui.dll
2011-11-24 07:06:15 ----A---- C:\Windows\system32\samlib.dll
2011-11-24 07:06:15 ----A---- C:\Windows\system32\mmci.dll
2011-11-24 07:06:15 ----A---- C:\Windows\system32\accessibilitycpl.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\wlanpref.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\usercpl.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\rpchttp.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\qdvd.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\ieaksie.dll
2011-11-24 07:06:14 ----A---- C:\Windows\system32\autoplay.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\wpcao.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\vdsutil.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\tapisrv.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\scksp.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\scesrv.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\regapi.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\psisdecd.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\msinfo32.exe
2011-11-24 07:06:13 ----A---- C:\Windows\system32\mpr.dll
2011-11-24 07:06:13 ----A---- C:\Windows\system32\feclient.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\wscisvif.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\rekeywiz.exe
2011-11-24 07:06:12 ----A---- C:\Windows\system32\oleprn.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\imm32.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\iaspolcy.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\Faultrep.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\drivers\exfat.sys
2011-11-24 07:06:12 ----A---- C:\Windows\system32\dpapimig.exe
2011-11-24 07:06:12 ----A---- C:\Windows\system32\dot3msm.dll
2011-11-24 07:06:12 ----A---- C:\Windows\system32\DeviceEject.exe
2011-11-24 07:06:12 ----A---- C:\Windows\system32\AudioSes.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\TSTheme.exe
2011-11-24 07:06:11 ----A---- C:\Windows\system32\tcpipcfg.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\spwinsat.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\scecli.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\rasplap.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\rasgcw.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\qedit.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\pnpui.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\perfdisk.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\ncryptui.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\hdwwiz.exe
2011-11-24 07:06:11 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2011-11-24 07:06:11 ----A---- C:\Windows\system32\extmgr.dll
2011-11-24 07:06:11 ----A---- C:\Windows\system32\cmmon32.exe
2011-11-24 07:06:11 ----A---- C:\Windows\system32\certreq.exe
2011-11-24 07:06:10 ----A---- C:\Windows\system32\whealogr.dll
2011-11-24 07:06:10 ----A---- C:\Windows\system32\tcpmon.dll
2011-11-24 07:06:10 ----A---- C:\Windows\system32\srcore.dll
2011-11-24 07:06:10 ----A---- C:\Windows\system32\SnippingTool.exe
2011-11-24 07:06:10 ----A---- C:\Windows\system32\SCardSvr.dll
2011-11-24 07:06:10 ----A---- C:\Windows\system32\PnPUnattend.exe
2011-11-24 07:06:10 ----A---- C:\Windows\system32\fdWSD.dll
2011-11-24 07:06:10 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys
2011-11-24 07:06:10 ----A---- C:\Windows\system32\drivers\USBCAMD.sys
2011-11-24 07:06:10 ----A---- C:\Windows\system32\drivers\portcls.sys
2011-11-24 07:06:10 ----A---- C:\Windows\system32\conime.exe

======List of files/folders modified in the last 1 month======

Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: 129 mywebsearch (malwarebytes)
« Reply #10 on: December 02, 2011, 06:27:46 PM »
Hi, Ghost.

All of the log didn't post but this should take care of the remnants of the removed files.  Based on your previous experience, I suggest making certain that the FileHippo updater is closed before proceeding.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Firefox::
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80469&lng=en
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm072YYus&ptb=D1247B9B-6970-4413-85A2-E1BF7BC9C572&psa=&ind=2011111215&ptnrS=YKxdm072YYus&si=49737xxxxximage&st=kwd&n=77df1f2f&searchfor=
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: TotalRecipeSearch: 14ffxtbr@TotalRecipeSearch_14.com - %profile%\extensions\14ffxtbr@TotalRecipeSearch_14.com
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
FF - Ext: RebateInformer: {ED76C299-85BC-4891-9237-74A140C28832} - c:\program files\RebateInformer\Firefox

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #11 on: December 02, 2011, 08:17:49 PM »
hi Corrine,
here is the complete log you requested:
ComboFix 11-12-01.01 - Brian 12/02/2011  16:01:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.901 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
   /wow section - STAGE 5
Access is denied.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome.manifest
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\chrome\14ffxtbr.jar
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\14ffxtbr@TotalRecipeSearch_14.com\install.rdf
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\chrome.manifest
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\chrome\ibxcomtb.jar
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.xpt
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\install.rdf
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\extensions\inboxcomtoolbar@inbox.com\install.xml
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-02 to 2011-12-02  )))))))))))))))))))))))))))))))
.
.
2011-12-02 21:09 . 2011-12-02 21:09   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-02 20:59 . 2011-12-02 20:59   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CD4718F-36C6-4845-9D9A-776377F81A7B}\offreg.dll
2011-12-02 20:59 . 2011-11-21 10:47   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CD4718F-36C6-4845-9D9A-776377F81A7B}\mpengine.dll
2011-12-01 23:09 . 2011-12-01 23:10   --------   d-----w-   c:\windows\system32\ca-ES
2011-12-01 23:09 . 2011-12-01 23:10   --------   d-----w-   c:\windows\system32\eu-ES
2011-12-01 23:09 . 2011-12-01 23:09   --------   d-----w-   c:\windows\system32\vi-VN
2011-12-01 22:55 . 2011-12-01 22:55   --------   d-----w-   c:\windows\system32\EventProviders
2011-12-01 22:53 . 2011-12-01 22:53   16856   ----a-w-   c:\program files\Mozilla Firefox\plugin-container.exe
2011-12-01 22:53 . 2011-12-01 22:53   719832   ----a-w-   c:\program files\Mozilla Firefox\mozcpp19.dll
2011-12-01 14:35 . 2011-12-02 01:47   --------   d-----w-   c:\program files\trend micro
2011-12-01 14:35 . 2011-12-01 14:35   --------   d-----w-   C:\rsit
2011-11-24 13:57 . 2011-09-06 21:37   320856   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-11-24 13:57 . 2011-09-06 21:36   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 13:57 . 2011-09-06 21:38   442200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-11-24 13:57 . 2011-09-06 21:36   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-11-24 13:57 . 2011-09-06 21:36   54616   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-11-24 13:57 . 2011-09-06 21:45   41184   ----a-w-   c:\windows\avastSS.scr
2011-11-24 13:57 . 2011-09-06 21:45   199304   ----a-w-   c:\windows\system32\aswBoot.exe
2011-11-24 13:56 . 2011-11-24 13:56   --------   d-----w-   c:\programdata\AVAST Software
2011-11-24 13:56 . 2011-11-24 13:56   --------   d-----w-   c:\program files\AVAST Software
2011-11-24 13:03 . 2011-11-24 13:03   --------   d-----w-   c:\program files\Common Files\Java
2011-11-24 13:02 . 2011-11-24 13:02   611224   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-24 12:58 . 2011-11-24 12:58   --------   d-----w-   c:\program files\Common Files\Adobe
2011-11-24 12:29 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-11-24 12:29 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-24 12:06 . 2009-04-11 06:28   1730560   ----a-w-   c:\windows\system32\apds.dll
2011-11-24 12:05 . 2009-04-11 06:28   20992   ----a-w-   c:\windows\system32\wsdchngr.dll
2011-11-24 11:59 . 2009-11-08 15:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2011-11-24 11:59 . 2009-11-08 15:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2011-11-24 11:59 . 2009-11-08 15:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2011-11-24 11:59 . 2009-11-08 15:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2011-11-24 11:59 . 2009-11-08 15:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2011-11-24 11:52 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
2011-11-24 11:49 . 2011-02-16 14:02   292864   ----a-w-   c:\windows\system32\atmfd.dll
2011-11-24 11:48 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
2011-11-24 11:43 . 2011-04-20 15:55   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-24 11:43 . 2011-04-20 15:50   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-11-24 11:41 . 2010-12-17 15:45   2067968   ----a-w-   c:\windows\system32\mstscax.dll
2011-11-24 11:41 . 2010-12-17 13:54   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-11-24 11:41 . 2009-04-11 06:28   63488   ----a-w-   c:\windows\system32\tscupgrd.exe
2011-11-24 11:41 . 2011-04-29 15:59   276992   ----a-w-   c:\windows\system32\schannel.dll
2011-11-24 11:38 . 2011-11-24 11:38   --------   d-----w-   c:\users\Brian\AppData\Roaming\Malwarebytes
2011-11-24 11:37 . 2011-11-24 11:37   --------   d-----w-   c:\programdata\Malwarebytes
2011-11-24 11:37 . 2011-11-24 11:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-11-24 11:37 . 2011-08-31 22:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-13 19:45 . 2011-11-13 19:45   --------   d-----w-   c:\program files\Google
2011-11-13 19:41 . 2011-11-13 19:41   --------   d-----w-   c:\program files\FileHippo.com
2011-11-13 17:27 . 2008-01-19 07:34   89600   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-11-13 16:59 . 1997-04-09 01:08   299520   ----a-w-   c:\windows\uninst.exe
2011-11-11 19:38 . 2011-11-11 19:38   --------   d-----w-   c:\programdata\Electronic Arts
2011-11-11 19:06 . 2011-11-11 19:06   --------   d-----w-   c:\program files\Microsoft WSE
2011-11-11 19:06 . 2006-09-28 21:05   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
2011-11-11 18:53 . 2011-11-11 19:36   --------   d-----w-   c:\program files\Electronic Arts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 13:02 . 2011-01-09 21:35   544656   ----a-w-   c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11   3325952   ----a-w-   c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47   248832   ----a-w-   c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 18:59   252136   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987767389-3598083916-4194163281-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx;

S1 aswSP;aswSP;

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 693760]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=14
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8uxtq5y0.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-PCPowerSpeed - c:\program files\PCPowerSpeed\PCPowerTray.exe
MSConfigStartUp-RebateInformer - c:\progra~1\REBATE~1\REBATE~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 16:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-02  16:12:16
ComboFix-quarantined-files.txt  2011-12-02 21:12
ComboFix2.txt  2011-12-01 15:34
.
Pre-Run: 276,551,544,832 bytes free
Post-Run: 276,552,765,440 bytes free
.
- - End Of File - - C05B445D55435653346007C5F1E1CC59
Ghost

Offline Corrine

Re: 129 mywebsearch (malwarebytes)
« Reply #12 on: December 02, 2011, 11:15:55 PM »
Hi, Ghost.

That seemed to do the trick. 

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


In order to continue receiving security updates, Service Pack 2 needs to be installed.  I suggest you also talk to your friend about enabling UAC. 

In addition, both installed browsers are seriously out of date.  Internet Explorer should be updated to IE9 and Firefox to version 8.  Note also that Adobe Flash Player needs to be updated. 

Offline Ghost

Re: 129 mywebsearch (malwarebytes)
« Reply #13 on: December 03, 2011, 12:32:09 AM »
hi Corrine,
it is running much better;-).
i ran ComboFix /Uninstall  and all was cleaned up.
i just installed sp2, turned on UAC, and i have strongly recommended updating ff and ie to the latest version. i will do adobe flash player as soon as i post this;-).
many thanks Corrine  :rose:
Ghost

Offline Corrine

Re: 129 mywebsearch (malwarebytes)
« Reply #14 on: December 03, 2011, 01:56:54 AM »
You're welcome, Ghost.  (If your friend doesn't find the Printer CD, at least the computer will be updated and a heck of a lot faster than it was!)