NEEEED Help removing Nasty virus/spyware! Professionals welcome

Started by WHY_ME, March 14, 2013, 11:55:36 PM

WHY_ME

To note, it seems that whatever you asked me to do restored my internet service, but I'm still leery and I'll wait for the "All Clear" like the admin said.  Here is the log for the ComboFix run:

ComboFix 13-03-14.02 - No ID 03/15/2013   0:41.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8151.6388 [GMT -4:00]
Running from: c:\users\No ID\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\programdata\SPL9686.tmp
c:\programdata\SPL9DB5.tmp
c:\programdata\SPLCD7B.tmp
c:\users\Carol\AppData\Roaming\Owifc
c:\users\Carol\AppData\Roaming\Owifc\qeuz.ley
c:\users\Raziel\ac3filter_2_5b.exe
c:\users\Raziel\asc-setup(2).exe
c:\users\Raziel\ChromeSetup.exe
c:\users\Raziel\defragsetup.exe
c:\users\Raziel\DivXInstaller(1).exe
c:\users\Raziel\DivXInstaller.exe
c:\users\Raziel\FoxitReader545.0124_enu_Setup.exe
c:\users\Raziel\GoToAssistDownloadHelper.exe
c:\users\Raziel\PeerBlock-Setup_v1.1_r518(1).exe
c:\users\Raziel\uTorrent-3.3.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-15 to 2013-03-15  )))))))))))))))))))))))))))))))
.
.
2013-03-15 04:46 . 2013-03-15 04:46   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2013-03-15 04:46 . 2013-03-15 04:46   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-15 04:46 . 2013-03-15 04:46   --------   d-----w-   c:\users\Carol\AppData\Local\temp
2013-03-15 04:46 . 2013-03-15 04:46   --------   d-----w-   c:\users\Raziel\AppData\Local\temp
2013-03-14 08:09 . 2012-09-07 21:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-14 01:52 . 2013-03-14 02:14   --------   d-----w-   c:\users\No ID
2013-03-10 20:50 . 2013-03-10 20:50   --------   d-----w-   c:\users\Raziel\AppData\Roaming\Foxit Software
2013-03-10 05:38 . 2013-03-12 13:54   --------   d-----w-   c:\users\Raziel\AppData\Roaming\Movie Torrent
2013-03-10 05:37 . 2013-03-10 18:14   --------   d-----w-   c:\program files (x86)\Movie Torrent
2013-03-10 05:37 . 2013-03-12 13:54   --------   d-----w-   c:\program files (x86)\Savvy Suggestor
2013-03-10 02:17 . 2013-03-14 08:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-10 02:17 . 2013-03-10 02:17   --------   d-----w-   c:\users\Raziel\AppData\Local\Programs
2013-03-09 04:20 . 2013-03-12 13:54   --------   d-----w-   c:\program files\PeerBlock
2013-03-04 00:15 . 2013-03-04 00:15   --------   d-----w-   c:\program files\iPod
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\program files\iTunes
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\program files (x86)\iTunes
2013-03-02 17:58 . 2013-03-02 17:58   544688   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-03-02 17:58 . 2013-03-02 17:58   526256   ----a-w-   c:\windows\system32\deployJava1.dll
2013-03-01 00:41 . 2013-02-28 08:36   177672   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-03-01 00:41 . 2013-02-28 08:36   65408   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-02-24 21:06 . 2013-02-24 21:06   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-02-24 21:05 . 2013-02-24 21:05   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:31 . 2013-02-15 22:31   186432   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31   186432   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 17:25 . 2013-01-09 01:10   996352   ----a-w-   c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 17:25 . 2013-01-08 22:01   768000   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 17:24 . 2013-01-04 05:46   215040   ----a-w-   c:\windows\system32\winsrv.dll
2013-02-15 17:24 . 2013-01-04 02:47   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2013-02-15 17:24 . 2013-01-04 02:47   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2013-02-15 17:24 . 2013-01-04 04:51   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2013-02-15 17:24 . 2013-01-04 02:47   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2013-02-15 17:24 . 2013-01-04 02:47   2048   ----a-w-   c:\windows\SysWow64\user.exe
2013-02-15 17:24 . 2013-01-04 03:26   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-02-15 17:23 . 2013-01-03 06:00   1913192   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-02-15 17:23 . 2013-01-03 06:00   288088   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-15 17:23 . 2013-01-05 05:53   5553512   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-02-15 17:23 . 2013-01-05 05:00   3967848   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 17:23 . 2013-01-05 05:00   3913064   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 16:57 . 2013-01-09 01:22   10925568   ----a-w-   c:\windows\system32\ieframe.dll
2013-02-15 16:57 . 2013-02-15 16:57   --------   d-----w-   c:\users\Default\AppData\Roaming\IObit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 03:57 . 2012-07-08 22:51   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 03:57 . 2011-05-19 22:43   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 21:05 . 2012-07-08 22:25   861088   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
2013-02-24 21:05 . 2010-06-09 22:45   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-02-15 17:28 . 2010-06-09 22:51   70004024   ----a-w-   c:\windows\system32\MRT.exe
2013-01-15 23:49 . 2012-08-14 19:20   26432   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2013-01-04 04:43 . 2013-02-15 17:24   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 06:03   46080   ----a-w-   c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 06:03   367616   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 06:03   295424   ----a-w-   c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 06:03   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2010-08-09 316072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
c:\users\Raziel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\No ID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
R3 aswVmm;aswVmm;
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt;
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-12 202752]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 03:57]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879902097-4090409096-1998136832-1001Core.job
- c:\users\Raziel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 05:01]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879902097-4090409096-1998136832-1001UA.job
- c:\users\Raziel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 05:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\No ID\AppData\Roaming\Mozilla\Firefox\Profiles\3240ilzk.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-24 16:00; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,23,64,8d,0f,d7,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="*Spammer*?????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="*Spammer*?????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2013-03-15  00:55:23 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-15 04:55
.
Pre-Run: 816,990,511,104 bytes free
Post-Run: 817,051,717,632 bytes free
.
- - End Of File - - E0CF2AE9B89E282F8DF85255DC1B3897

WHY_ME

Once again, thank you guys for taking the time out to respond.  Hopefully everything can be fixed, and then I'll take the next step to be more vigilant about whom I let use the computer.  I'm retiring for the night, but I will be notified if anyone posts, so whenever you can, just get back to me to continue the process.

Corrine

Hi, WHY_ME.

I'm so glad that I was able to get you up and running again.  Seeing the user account name Raziel associated with uTorrent and Peer-to-Peer Block, is that the account your cousin used?  If so, I suggest you remove or at least disable it.  In addition, I suggest you disable the guest account.   

  • Open Local Users and Groups by clicking the Start button.
  • Type lusrmgr.msc in the Search box, and then press ENTER.
  • Provide the Administrator password or confirmation when prompted.
  • Click Users, and then double-click Guest.
  • Select the Account is disabled check box.
I suspect that your cousin also installed the programs "Movie Torrent" and "PeerBlock", which I advise removing.

Now that you have Internet access again, let's get the vulnerable software programs updated.  Unfortunately, Adobe and Oracle Java products have been major targets lately.

Java
Due to the increasing number of Java vulnerabilities, it is my recommendation to remove Java where possible, although because you use OpenOffice, which requires Java, I suggest you disable it when not needed.  See my article, Java, The Never-Ending Saga.  Also, expect a Java update sooner rather than later due to the ease with which it fell in Pwn2Own 2013.

In the meantime, please update Java to Version 7 Update 17 from here:  Java Version 7 Update 17.

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Adobe:
If you wish to stick with Adobe Reader, you can download the latest version from here:  Download Adobe Reader, but uninstall the current version first.  Getting just the update is available here:  Update

With Adobe (like Java), you need to be watchful when installing it to avoid unwanted extras.  Should you wish to try a different PDF reader, I have been very happy with Sumatra PDF.  See Replacing Adobe Reader with Sumatra PDF, which includes the download link in the References section.

Most times when a security update is released for Adobe Flash Player, Adobe AIR is also updated.  Check for the latest version of Adobe AIR here:  AIR Download Center.  Again, beware of pre-checked add-ons.  They are not needed.

Firefox
The current version of Firefox is 19.0.2.  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Since you mentioned having a Mac, be sure to get the update on that system as well. 

Before I provide additional instructions with ComboFix, I would like to see an on-line scan.  Please advise if Raziel is the account your cousin used and I will include additional data for removal.

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

WHY_ME

Sorry for responding so late; I had a family emergency, so I wasn't able to log in to the forums as quickly as I hoped.  I am back though, and I did as you said, but there was a problem that happened with the scan.  The first time I performed the scan it got to 100% and it said there was an "Error 2002", so I just hit back and it is rescanning as we speak now.  Hopefully it finishes completely this time.  To answer your previous question, yes, that "Raziel" account is the one my cousin used.  Prior to asking for help I removed the user profile, so it doesn't show up.  I'm not sure if the files are still present from that user profile, but it is not an option to select when Windows starts up.  Thanks again for the help, and if you can, just respond as soon as you can so I can resolve this.  I'll post the log from the scan once it is finished.  Sorry again for the late response!

WHY_ME

Here is the log from the scan; hope it will aid you guys in helping me solve this problem:

C:\CCE_Quarantine\{6635E26D-DC63-4741-BDE4-315D5DC78266}   Java/Exploit.Agent.NAO trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Users\Raziel\ac3filter_2_5b.exe.vir   Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Users\Raziel\FoxitReader545.0124_enu_Setup.exe.vir   a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\ac3filter_2_5b.exe   Win32/OpenCandy application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\FoxitReader545.0124_enu_Setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\asc-setup(2).exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\asc-setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\cnet_DivXInstaller_exe.exe   a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\cnet_FoxitReader502_0718_enu_Setup_exe(1).exe   a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\cnet_FoxitReader502_0718_enu_Setup_exe.exe   a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\cnet_TrueCrypt Setup 7_1_exe.exe   a variant of Win32/InstallCore.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\defragsetup(1).exe   a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\FoxitReader502.0718_enu_Setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\sd2-setup220.exe   a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\smart-defrag-setup-beta.exe   Win32/Toolbar.Widgi application
C:\Users\Raziel\Downloads\asc-setup(2).exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raziel\Downloads\asc-setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raziel\Downloads\cnet_DivXInstaller_exe.exe   a variant of Win32/InstallCore.D application
C:\Users\Raziel\Downloads\cnet_FoxitReader502_0718_enu_Setup_exe(1).exe   a variant of Win32/InstallCore.D application
C:\Users\Raziel\Downloads\cnet_FoxitReader502_0718_enu_Setup_exe.exe   a variant of Win32/InstallCore.D application
C:\Users\Raziel\Downloads\cnet_TrueCrypt Setup 7_1_exe.exe   a variant of Win32/InstallCore.D application
C:\Users\Raziel\Downloads\defragsetup(1).exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Raziel\Downloads\FoxitReader502.0718_enu_Setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raziel\Downloads\sd2-setup220.exe   a variant of Win32/Toolbar.Widgi application
C:\Users\Raziel\Downloads\smart-defrag-setup-beta.exe   Win32/Toolbar.Widgi application

Corrine

Hi, WHY_ME.

Most of the findings from the ESET scan are already quarantined, although your Dell DataSafe backup has files detected in the backup -- files that correspond with things Raziel did while using your computer.  So, I advise you to be sure to get a clean backup when we're finished.

Now that you confirmed it was Raziel, all associated with his profile, please uninstall the following:

FoxitReader*
Movie Torrent
PeerBlock


*Since you have Adobe Reader, you don't need Foxit as well, although you could keep Foxit now that the extras he got with the download have been removed and remove Adobe Reader.

After uninstalling those programs, restart your computer and run ComboFix as instructed below.  ComboFix will pick up any orphans.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:

ClearJavaCache::

Folder::
c:\users\Raziel
c:\users\Default\AppData\Roaming\IObit

  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
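Corrine's triage above sorts the ESET findings by where they live (already in ComboFix's quarantine, inside System Restore staging, inside the Dell DataSafe backup, or still a live file in Raziel's profile) and draws a different conclusion for each. The script below is an added example that automates that sorting for scan output in the same "path   detection" layout; it is not a tool from the thread, and the sample lines, the location names and the action strings are constructed for illustration.

```python
"""Classify ESET-style scan hits by where the file lives (added example).

Each input line has the form '<path>   <detection name>', as pasted in the
thread. The point is not the detection names but the location: a hit in
the AV quarantine is already neutralised, a hit in System Restore staging
or a vendor backup would come back on a restore, and a hit in a user
profile is still live.
"""
import re
from collections import defaultdict

# Constructed sample in the same layout as the ESET output above.
SAMPLE_LINES = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Users\Raziel\ac3filter_2_5b.exe.vir   Win32/OpenCandy application
C:\System Volume Information\SystemRestore\FRStaging\Users\Raziel\Downloads\asc-setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raziel\Downloads\asc-setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Raziel\Downloads\cnet_DivXInstaller_exe.exe   a variant of Win32/InstallCore.D application
"""

# Path and detection are separated by a run of two or more spaces; single
# spaces inside 'Program Files (x86)' or 'a variant of ...' do not split.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<detection>.+?)\s*$")

# Follow-up implied by each location (wording is the example's own).
ACTION = {
    "quarantined": "already neutralised; quarantine is removed with the tool",
    "restore_point": "flush old restore points once the machine is clean",
    "vendor_backup": "take a fresh backup after cleanup; do not restore this one",
    "live_user_file": "still on disk in a user profile; remove or uninstall",
    "other": "review manually",
}


def classify(path):
    """Map a path to one of the location buckets above (case-insensitive)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:          # ComboFix quarantine store
        return "quarantined"
    if "\\system volume information\\" in p:   # System Restore staging
        return "restore_point"
    if "\\dell datasafe local backup\\" in p:  # vendor backup component
        return "vendor_backup"
    if "\\users\\" in p:                        # live file under a profile
        return "live_user_file"
    return "other"


def profile_of(path):
    """Return the user profile name embedded in the path, or None."""
    m = re.search(r"\\users\\([^\\]+)\\", path, re.IGNORECASE)
    return m.group(1) if m else None


def parse(text):
    """Turn scan output into a list of dicts; lines not in the layout are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append({
            "path": path,
            "detection": m.group("detection"),
            "location": classify(path),
            "profile": profile_of(path),
        })
    return hits


def summarize(hits):
    """Group hits by location bucket, preserving input order inside each bucket."""
    by_loc = defaultdict(list)
    for h in hits:
        by_loc[h["location"]].append(h)
    return dict(by_loc)


def profiles_seen(hits):
    """Set of user profiles that any hit (live or not) traces back to."""
    return {h["profile"] for h in hits if h["profile"]}


if __name__ == "__main__":
    groups = summarize(parse(SAMPLE_LINES))
    for loc, items in groups.items():
        print(f"{loc} ({len(items)}): {ACTION[loc]}")
        for h in items:
            print(f"    {h['detection']:<45} {h['path']}")
    print("profiles involved:", ", ".join(sorted(profiles_seen(parse(SAMPLE_LINES)))))
```

Note that `profile_of` also resolves quarantined and restore-staged copies back to the profile they came from, which is how the thread ties the whole set of findings to one account even though most of the files were no longer live.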

WHY_ME

I uninstalled what you asked me to and  here is the log from ComboFix:

ComboFix 13-03-21.01 - No ID 03/21/2013  19:44:13.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8151.6359 [GMT -4:00]
Running from: c:\users\No ID\Desktop\ComboFix.exe
Command switches used :: c:\users\No ID\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\IObit
c:\users\Default\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime\AscTray_Delay.Log
c:\users\Default\AppData\Roaming\IObit\Advanced SystemCare V6\License.log
c:\users\Default\AppData\Roaming\IObit\Advanced SystemCare V6\Main.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-21 to 2013-03-21  )))))))))))))))))))))))))))))))
.
.
2013-03-21 23:50 . 2013-03-21 23:50   --------   d-----w-   c:\users\SYSTEM\AppData\Local\temp
2013-03-21 23:50 . 2013-03-21 23:50   --------   d-----w-   c:\users\Raziel\AppData\Local\temp
2013-03-21 23:50 . 2013-03-21 23:50   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2013-03-21 23:50 . 2013-03-21 23:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-21 23:50 . 2013-03-21 23:50   --------   d-----w-   c:\users\Carol\AppData\Local\temp
2013-03-21 00:35 . 2013-03-21 00:35   --------   d-----w-   c:\program files (x86)\SumatraPDF
2013-03-20 22:54 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-03-20 22:54 . 2013-02-12 04:12   19968   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-03-14 08:09 . 2012-12-14 20:49   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-14 01:52 . 2013-03-14 02:14   --------   d-----w-   c:\users\No ID
2013-03-10 20:50 . 2013-03-10 20:50   --------   d-----w-   c:\users\Raziel\AppData\Roaming\Foxit Software
2013-03-10 05:38 . 2013-03-12 13:54   --------   d-----w-   c:\users\Raziel\AppData\Roaming\Movie Torrent
2013-03-10 05:37 . 2013-03-10 18:14   --------   d-----w-   c:\program files (x86)\Movie Torrent
2013-03-10 05:37 . 2013-03-12 13:54   --------   d-----w-   c:\program files (x86)\Savvy Suggestor
2013-03-10 02:17 . 2013-03-21 00:23   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-10 02:17 . 2013-03-10 02:17   --------   d-----w-   c:\users\Raziel\AppData\Local\Programs
2013-03-09 04:20 . 2013-03-12 13:54   --------   d-----w-   c:\program files\PeerBlock
2013-03-04 00:15 . 2013-03-04 00:15   --------   d-----w-   c:\program files\iPod
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\program files\iTunes
2013-03-04 00:15 . 2013-03-04 00:16   --------   d-----w-   c:\program files (x86)\iTunes
2013-03-02 17:58 . 2013-03-02 17:58   544688   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-03-02 17:58 . 2013-03-02 17:58   526256   ----a-w-   c:\windows\system32\deployJava1.dll
2013-03-01 00:41 . 2013-02-28 08:36   177672   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-03-01 00:41 . 2013-02-28 08:36   65408   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 05:32 . 2010-06-09 22:51   72013344   ----a-w-   c:\windows\system32\MRT.exe
2013-03-15 03:57 . 2012-07-08 22:51   693976   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 03:57 . 2011-05-19 22:43   73432   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 21:05 . 2012-07-08 22:25   861088   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
2013-02-24 21:05 . 2010-06-09 22:45   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-15 04:55   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 04:55   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-15 04:55   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 04:55   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-15 04:55   474112   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 04:55   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-01-15 23:49 . 2012-08-14 19:20   26432   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2013-01-05 05:53 . 2013-02-15 17:23   5553512   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-15 17:23   3967848   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-15 17:23   3913064   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-15 17:24   215040   ----a-w-   c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-15 17:24   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-15 17:24   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-15 17:24   3153408   ----a-w-   c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-15 17:24   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-15 17:24   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-15 17:24   2048   ----a-w-   c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-15 17:24   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-15 17:23   1913192   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-15 17:23   288088   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2010-08-09 316072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
c:\users\Raziel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\No ID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
R3 aswVmm;aswVmm;
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt;
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-12 202752]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 03:57]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879902097-4090409096-1998136832-1001Core.job
- c:\users\Raziel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 05:01]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879902097-4090409096-1998136832-1001UA.job
- c:\users\Raziel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 05:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\No ID\AppData\Roaming\Mozilla\Firefox\Profiles\3240ilzk.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-24 16:00; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,23,64,8d,0f,d7,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="*Spammer*?????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="*Spammer*?????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-21  19:52:04
ComboFix-quarantined-files.txt  2013-03-21 23:52
ComboFix2.txt  2013-03-15 04:55
.
Pre-Run: 814,115,205,120 bytes free
Post-Run: 814,028,300,288 bytes free
.
- - End Of File - - E4A218657E06E1622FFAD704C646B6F3

Corrine

Hi, WHY_ME.

Looks like we can cut you loose now.  You can delete SecurityCheck from your desktop and then do the following to clean up the tools we used.

Please do the following to uninstall AdwCleaner.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Uninstall
  •   Confirm with yes
Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Aside from only letting your cousin use your computer with a limited account, it is important to keep third party software updated.  This includes Adobe products, Oracle Java and Firefox.  See "So how did I get infected in the first place?" for additional information.

Let me know if you have any questions.


WHY_ME

Ok, I uninstalled the AdwCleaner and Securityfix, but as far as ComboFix I'm not able to do what you asked.  I clicked Start and I typed in "run", but when I copied and pasted what you asked me to I received this message:  "Windows cannot find ComboFix.  Make sure you type the name correctly, and then try again".  Should I just uninstall it normally through the Control Panel?  If not, can you go into any further detail as to how I should go about uninstalling this program?  I'm using Windows 7 also, if that helps any.

Corrine

Hi, WHY_ME.

Please download this tool from here.  Double-click it to run.

Thanks.
