
Inactive Fake BSOD spyware?

Discussion in 'Malware and Virus Removal Archive' started by SxRacer108, 2010/12/15.

Thread Status:
Not open for further replies.
  1. 2010/12/15
    SxRacer108 Inactive Thread Starter

    [Inactive] Fake BSOD spyware?

    Hey guys, this is my second time posting here.. I just got a text from my girlfriend with the enclosed picture. The computer won't boot to Windows (Vista), and the following picture shows up. Her Malwarebytes, CCleaner, etc. have been removed and she cannot access them. Once I get home I'm going to try to resolve the issue; not sure how I should go about it.
    Would a Windows recovery disk fix the issue?
    Thank you in advance.

    OK, I see I cannot upload the photo... so a general description is a blue screen (still shows some desktop icons), and the background reads...


    WARNING! Your computer is infected with spyware!
    All you do with your computer is stored forever in your hard disk.
    Where you visit sites, send emails...All your actions are (text blocked by icons), and it is impossible to remove them with standard tools.
    Your data is still available for forensics and in some cases..
    (text on screen is too small to read in print..)

    PROTECT YOURSELF NOW! REMOVE ALL YOUR SPYWARE FROM YOUR PC!
     
  2. 2010/12/15
    PeteC SuperGeek Staff

    Please read this as indicated at the head of the forum and post the logs requested in this thread.

    If you cannot download on the infected computer, download on another and transfer across to the Desktop.

    Only Contributing Members can post attachments - the workaround is to post the image on a photo-hosting site and the URL here, but I think we get the message :)
     

  4. 2010/12/15
    SxRacer108 Inactive Thread Starter

    OK, I'll try to d/l to my PC and transfer to hers... not sure how accessible her computer is at the moment.
     
  5. 2010/12/16
    SxRacer108 Inactive Thread Starter

    OK, so I started her computer up, held F8 to boot into safe mode, and the computer won't boot; it doesn't sound like it's even POSTing. She got the PC from Dell so we have no Windows discs or anything with the PC. Is there a program I can d/l and burn to a disc that will boot when the computer is started to find/fix the issue? Or am I in over my head here?

    Thanks again guys!
     
  6. 2010/12/16
    PeteC SuperGeek Staff

    Please wait for one of our Malware Analysts to respond - the solution is unlikely to be straightforward.
     
  7. 2010/12/16
    SxRacer108 Inactive Thread Starter

    OK thanks, hoping to have it resolved by the weekend, or I may need to send it somewhere to get it fixed :( Thanks for your quick replies!
     
  8. 2010/12/16
    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.
     
  9. 2010/12/16
    SxRacer108 Inactive Thread Starter

    I downloaded and burned that file, inserted the disc into her computer, booted up and it does nothing; the CD drive starts to spin then stops.. I get no beeps, no nothin', the fan turns on and that's about it. It almost seems as if the mobo fried... The screen won't even turn on, doesn't POST, no getting into the BIOS. Nothin'..
    *commencing head against wall slam*
     
  10. 2010/12/16
    broni Moderator Malware Analyst

    Well, in that case, I suggest you start a new topic in the Windows or hardware forum to seek more help.
     
  11. 2010/12/16
    SxRacer108 Inactive Thread Starter

    Ok I got it!
    I unplugged the computer from the wall, let it sit, reattached the power supply cable and booted... right into safe mode.

    System Tools 2011 was the virus infecting the computer. I manually deleted the files and the registry entries. I rebooted into normal mode and voilà! The problem is gone.

    I am running Malwarebytes as we speak to scan for anything that may be left behind, and have checked the active processes list and the boot services (via msconfig). I don't see anything abnormal. Any other suggested scans?

    I almost ran outta hope; sometimes you just gotta go back to basics I guess :)
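    The post above reviewed running processes and msconfig boot entries by hand. As an added example (not from the thread, and not DDS's own code), here is a small Python triage helper for the DDS "Pseudo HJT Report" format that appears in the logs posted later in this thread: it parses the add-on (BHO/TB/URLSearchHook) and Run lines, flags orphaned "No File" registrations, pulls the launched file out of each autorun command (including rundll32 hosts and DDS's stray-space quoting), and reports any CLSID registered under several hooks at once. The regexes, `Entry` fields and function names are my own; the sample lines are copied from the thread's DDS log.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example, not DDS code).

Parses add-on lines (BHO:, TB:, mURLSearchHooks:, *-X64 variants) and autorun
lines (uRun:, mRun:, mRun-x64:), flags orphaned entries and reports CLSIDs
registered under several hooks at once.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ADDON_KINDS = r"BHO-X64|TB-X64|BHO|TB|mURLSearchHooks"

# "BHO: Name: {clsid} - path"  /  "TB: {clsid} - No File"  /  "TB-X64: Name: {clsid} -"
ADDON_RE = re.compile(
    r"^(?P<kind>" + ADDON_KINDS + r"):\s*"
    r"(?:(?P<name>[^{]*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.*)$"
)
# "BHO-X64: Name - No File"  (DDS printed no CLSID on this line)
NOFILE_RE = re.compile(r"^(?P<kind>" + ADDON_KINDS + r"):\s*(?P<name>.+?)\s*-\s*No File$")
# "uRun: [Name] command"   u = current-user hive, m = machine hive
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str
    name: str
    clsid: Optional[str]
    target: str   # DLL/EXE path the entry points at ('' if none listed)
    orphan: bool  # registry entry whose file DDS could not resolve


def exe_from_command(cmd: str) -> str:
    """Extract the file a Run command actually launches."""
    cmd = cmd.strip()
    # rundll32 hosts: the interesting file is the DLL argument, not rundll32
    m = re.match(r"^rundll32(?:\.exe)?\s+(?P<rest>.*)$", cmd, re.IGNORECASE)
    if m:
        cmd = m.group("rest").split(",")[0].strip()
    if cmd.startswith('"'):
        # DDS sometimes prints a stray space before the closing quote
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]).strip()
    # Unquoted: the path runs up to the first known extension; switches follow
    m = re.match(r"^(.*?\.(?:exe|dll|scr|bat|cmd))\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for add-on / autorun lines, None for anything else."""
    line = line.strip()
    m = ADDON_RE.match(line)
    if m:
        target = m.group("target").strip()
        return Entry(m.group("kind"), (m.group("name") or "").strip(),
                     m.group("clsid").upper(), target,
                     orphan=(target == "" or target.lower() == "no file"))
    m = NOFILE_RE.match(line)
    if m:
        return Entry(m.group("kind"), m.group("name"), None, "", orphan=True)
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group("kind"), m.group("name"), None,
                     exe_from_command(m.group("cmd")), orphan=False)
    return None


def summarize(lines: List[str]) -> Dict[str, object]:
    """Group parsed entries into what a reviewer looks at first."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    kinds_by_clsid: Dict[str, set] = {}
    for e in entries:
        if e.clsid:
            kinds_by_clsid.setdefault(e.clsid, set()).add(e.kind)
    return {
        "entries": entries,
        "orphans": [e for e in entries if e.orphan],
        "autorun_paths": [e.target for e in entries if "Run" in e.kind],
        # One CLSID registered as search hook + BHO + toolbar is the usual
        # footprint of a bundled toolbar: worth a look, not proof of anything.
        "shared_clsids": {c: sorted(k) for c, k in kinds_by_clsid.items() if len(k) > 1},
    }


# Constructed input: lines copied from the DDS log posted in this thread.
SAMPLE_LINES = r"""
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
BHO-X64: McAfee Phishing Filter - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe "
mRun-x64: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry
uStart Page = hxxp://www.google.com/
""".strip().splitlines()
```

    Running `summarize(SAMPLE_LINES)` on these lines yields four orphaned registrations, three autorun file paths, and one CLSID shared across the search hook, BHO and toolbar lists.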
     
  12. 2010/12/16
    broni Moderator Malware Analyst

    Nice job :)

    Please, read this post, then post the requested log(s).
     
  13. 2010/12/17
    SxRacer108 Inactive Thread Starter

    Will do. Should I mark this thread solved and post the logs in a new thread as "Fake BSOD log files"? Or keep this one open?
     
  14. 2010/12/17
    broni Moderator Malware Analyst

    You post all logs right here.
     
  15. 2010/12/19
    SxRacer108 Inactive Thread Starter

    Here are the logs:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 546
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 133):

    Processes (total 67):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    564 csrss.exe
    620 C:\Windows\System32\wininit.exe
    648 csrss.exe
    676 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    808 C:\Windows\System32\winlogon.exe
    892 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    276 C:\Windows\System32\Ati2evxx.exe
    336 C:\Windows\System32\svchost.exe
    496 C:\Windows\System32\svchost.exe
    504 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\audiodg.exe
    268 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\SLsvc.exe
    1064 C:\Windows\System32\svchost.exe
    1148 C:\Program Files\Dell\DellDock\DockLogin.exe
    1260 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\spoolsv.exe
    1476 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\Ati2evxx.exe
    1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1940 C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    1964 C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    1984 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2000 C:\Windows\System32\dlcxcoms.exe
    2036 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    1324 C:\Windows\System32\svchost.exe
    1764 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2056 C:\Windows\System32\svchost.exe
    2116 C:\Windows\System32\svchost.exe
    2152 C:\Windows\System32\SearchIndexer.exe
    2204 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2264 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2396 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2700 C:\Windows\System32\dwm.exe
    2732 C:\Windows\explorer.exe
    2820 C:\Windows\System32\taskeng.exe
    2948 C:\Windows\System32\taskeng.exe
    3080 C:\Program Files\Windows Sidebar\sidebar.exe
    3116 C:\Program Files (x86)\AIM\aim.exe
    3340 C:\Program Files\Dell\DellDock\DellDock.exe
    3364 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    3400 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3408 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    3428 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3484 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3496 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3640 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3688 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3816 C:\Windows\System32\wbem\unsecapp.exe
    3972 WmiPrvSE.exe
    1092 C:\Program Files\iPod\bin\iPodService.exe
    3304 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2168 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5028 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4748 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
    480 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3480 C:\Windows\SysWOW64\notepad.exe
    360 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3956 C:\Windows\System32\SearchProtocolHost.exe
    4812 C:\Windows\System32\SearchFilterHost.exe
    4940 C:\Users\jamie\Desktop\VIRUS\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5BA

    Size    Device Name         MBR Status
    --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/5/2009 11:45:46 AM
    System Uptime: 12/19/2010 1:51:57 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Phenom(tm) 9750 Quad-Core Processor | AM2 | 2400/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 337.841 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 5.915 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    AIM 7
    AIM Toolbar
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CCleaner
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Download Updater (AOL LLC)
    FrostWire 4.18.3
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 13
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft Default Manager
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft VC9 runtime libraries
    Microsoft Works
    MSVCRT
    Platform
    PowerDVD
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Skins
    ToggleEN Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    VIA Platform Device Manager
    Vuze
    Vuze Toolbar
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer

    ==== End Of File ===========================



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by jamie at 14:19:05.18 on Sun 12/19/2010
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6142.4492 [GMT -5:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\jamie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYWWR3OF\dds[1].scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = ${URL_SEARCHPAGE}
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
    mSearch Page = ${URL_SEARCHPAGE}
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100903200614.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe "
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    StartupFolder: C:\Users\jamie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100903200614.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
    TB-X64: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
    TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-9-3 528616]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-5 53488]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-3 75288]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-3 279752]
    R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-12-7 464264]
    R2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-12-7 234888]
    R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
    R2 McMPFSvc;McAfee Personal Firewall Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-3 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-3 355440]
    R2 McProxy;McAfee Proxy Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-3 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-3 199032]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-3 244840]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-3 148520]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-3 62416]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-9-3 189880]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-3 440688]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-10-5 1152000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-5-24 35840]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-3 93840]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-10-5 226832]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]

    =============== File Associations ===============

    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-12-17 05:00:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00:38 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00:34 96256 ----a-w- C:\Windows\System32\fontsub.dll
    2010-12-17 05:00:34 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2010-12-17 05:00:34 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2010-12-17 05:00:34 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-12-17 05:00:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-12-17 05:00:34 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-12-17 04:58:07 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2010-12-17 04:58:06 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe
    2010-12-17 04:58:06 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe
    2010-12-17 04:58:06 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2010-12-17 04:58:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2010-12-17 04:58:06 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll
    2010-12-17 04:57:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-12-17 04:57:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-12-17 04:56:12 854528 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-12-17 04:56:11 655872 ----a-w- C:\Windows\System32\taskschd.dll
    2010-12-17 04:56:11 499712 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-12-17 04:56:11 357376 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-12-17 04:56:10 410112 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-12-17 04:56:10 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-12-17 04:56:10 267776 ----a-w- C:\Windows\System32\taskeng.exe
    2010-12-17 04:56:10 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-12-09 20:52:59 749832 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-26 12:39:34 388096 ----a-r- C:\Users\jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-26 12:39:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-11-24 01:13:42 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 01:13:42 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

    ==================== Find3M ====================

    2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
    2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-10-18 14:25:55 87552 ----a-w- C:\Windows\System32\consent.exe
    2010-10-18 14:20:48 2751488 ----a-w- C:\Windows\System32\win32k.sys

    ============= FINISH: 14:19:45.10 ===============

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18999

    12/19/2010 2:16:54 PM
    mbam-log-2010-12-19 (14-16-54).txt

    Scan type: Quick scan
    Objects scanned: 116135
    Time elapsed: 3 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  16. 2010/12/19
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/12/19
    SxRacer108 Inactive Thread Starter
    ComboFix 10-12-18.02 - jamie 12/19/2010 18:31:37.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6142.4854 [GMT -5:00]
    Running from: c:\users\jamie\Desktop\VIRUS\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
    c:\users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
    .

    2010-12-19 23:37 . 2010-12-19 23:37 -------- d-----w- c:\users\jamie\AppData\Local\temp
    2010-12-19 23:37 . 2010-12-19 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-17 05:00 . 2010-11-03 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00 . 2010-10-28 15:18 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-17 05:00 . 2010-10-28 15:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-12-17 05:00 . 2010-10-28 13:23 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-17 05:00 . 2010-10-28 13:03 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-17 05:00 . 2010-06-16 15:52 96256 ----a-w- c:\windows\system32\fontsub.dll
    2010-12-17 05:00 . 2010-06-16 15:12 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
    2010-12-17 04:58 . 2010-10-12 14:15 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-17 04:58 . 2010-10-12 16:16 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-17 04:58 . 2010-10-12 15:48 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
    2010-12-17 04:58 . 2010-10-12 14:15 68096 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-17 04:58 . 2010-10-12 13:52 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
    2010-12-17 04:58 . 2010-10-12 13:52 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-17 04:57 . 2010-10-28 13:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-17 04:57 . 2010-10-28 12:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-17 04:56 . 2010-11-06 04:35 854528 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-17 04:56 . 2010-11-06 11:10 357376 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-12-17 04:56 . 2010-11-06 04:35 499712 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-17 04:56 . 2010-11-06 04:35 655872 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-17 04:56 . 2010-11-06 11:10 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-12-17 04:56 . 2010-11-06 04:35 410112 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-17 04:56 . 2010-11-05 00:53 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-12-17 04:56 . 2010-11-04 21:16 267776 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-09 20:52 . 2010-12-09 20:52 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-26 12:39 . 2010-11-26 12:39 388096 ----a-r- c:\users\jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-26 12:39 . 2010-11-26 12:39 -------- d-----w- c:\program files (x86)\Trend Micro
    2010-11-24 01:13 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-24 01:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-31 00:08 . 2010-10-30 23:41 447659 ----a-w- c:\windows\smc.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    2010-04-15 16:33 2515552 ----a-w- c:\program files (x86)\ToggleEN\tbTog0.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"="c:\program files (x86)\ToggleEN\tbTog0.dll" [2010-04-15 2515552]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2009-10-01 3634024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]

    c:\users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-08 35840]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 93840]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-01-13 226832]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 75288]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 279752]
    S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
    S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
    S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 566152]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 62416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 440688]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1152000]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{F3CE28CA-0276-4127-8D93-F92087718AB5}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2010-12-19 18:39:46
    ComboFix-quarantined-files.txt 2010-12-19 23:39

    Pre-Run: 364,607,111,168 bytes free
    Post-Run: 364,522,811,392 bytes free

    - - End Of File - - 47FF58301B162A775CFACDA3BF27D991
     
  18. 2010/12/19
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\program files (x86)\AskBarDis
    
    
    Driver::
    ASKService
    ASKUpgrade
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. 2010/12/24
    broni Moderator Malware Analyst
    Are you still out there?
     
  20. 2010/12/27
    SxRacer108 Inactive Thread Starter
    Yeah, had the holidays happen... the virus popped up again last night... so I redid everything I did before and got rid of it again... apparently only temporarily... gonna do what was said in the post before this one and post the logs now.
     
  21. 2010/12/27
    SxRacer108

    SxRacer108 Inactive Thread Starter

    Joined:
    2010/02/17
    Messages:
    41
    Likes Received:
    0
    OK, ran ComboFix. At the end I got 2 popups: one saying that the Registry Editor had an error and had to shut down, and one that said PEV.cfxxe had errors as well, but that only popped up once.

    Here is the log from combofix:


    ComboFix 10-12-26.01 - jamie 12/27/2010 18:58:43.2.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6142.4600 [GMT -5:00]
    Running from: c:\users\jamie\Desktop\VIRUS\ComboFix.exe
    Command switches used :: c:\users\jamie\Desktop\VIRUS\CFScript.txt
    AV: Emsisoft Anti-Malware *Disabled/Updated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Emsisoft Anti-Malware *Disabled/Updated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\AskBarDis
    c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    c:\program files (x86)\AskBarDis\bar\bin\askPopStp.dll
    c:\program files (x86)\AskBarDis\bar\bin\AskService.exe
    c:\program files (x86)\AskBarDis\bar\bin\AskSplash.exe
    c:\program files (x86)\AskBarDis\bar\bin\AskTBApp.exe
    c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    c:\program files (x86)\AskBarDis\bar\bin\psvince.dll
    c:\program files (x86)\AskBarDis\bar\Settings\AskLogo.ico
    c:\program files (x86)\AskBarDis\bar\Settings\config.dat
    c:\program files (x86)\AskBarDis\bar\Settings\config.dat.bak
    c:\program files (x86)\AskBarDis\unins000.dat
    c:\program files (x86)\AskBarDis\unins000.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ASKService
    -------\Service_ASKUpgrade


    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
    .

    2010-12-28 00:15 . 2010-12-28 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-28 00:15 . 2010-12-28 00:22 -------- d-----w- c:\users\jamie\AppData\Local\temp
    2010-12-26 22:21 . 2010-12-28 00:22 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2010-12-17 05:00 . 2010-11-03 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2010-12-17 05:00 . 2010-10-28 15:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-12-17 05:00 . 2010-10-28 13:03 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-17 05:00 . 2010-06-16 15:12 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
    2010-12-17 04:58 . 2010-10-12 14:15 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-17 04:58 . 2010-10-12 16:16 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-17 04:58 . 2010-10-12 15:48 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
    2010-12-17 04:58 . 2010-10-12 14:15 68096 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-17 04:58 . 2010-10-12 13:52 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
    2010-12-17 04:58 . 2010-10-12 13:52 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-17 04:57 . 2010-10-28 12:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-17 04:56 . 2010-11-06 11:10 357376 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-12-17 04:56 . 2010-11-06 11:10 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-12-17 04:56 . 2010-11-05 00:53 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-12-09 20:52 . 2010-12-09 20:52 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-26 12:39 . 2010-11-26 12:39 388096 ----a-r- c:\users\jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-31 00:08 . 2010-10-30 23:41 447659 ----a-w- c:\windows\smc.zip
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-19_23.38.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2010-12-19 18:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2010-12-28 00:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-19 18:52 . 2010-12-28 00:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-19 18:52 . 2010-12-19 18:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2010-12-28 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2010-12-19 18:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2010-12-27 23:44 53308 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2010-12-28 00:21 72292 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-13 22:23 . 2010-12-28 00:21 19104 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2617970951-1773889679-3906546258-1000_UserData.bin
    + 2009-10-13 22:20 . 2010-12-28 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-13 22:20 . 2010-12-19 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-13 22:20 . 2010-12-19 19:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-13 22:20 . 2010-12-28 00:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-13 22:20 . 2010-12-28 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-13 22:20 . 2010-12-19 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-19 18:52 . 2010-12-19 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-12-28 00:19 . 2010-12-28 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-12-28 00:19 . 2010-12-28 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-12-19 18:52 . 2010-12-19 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-14 00:41 . 2010-12-27 03:01 223242 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    2010-04-15 16:33 2515552 ----a-w- c:\program files (x86)\ToggleEN\tbTog0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"="c:\program files (x86)\ToggleEN\tbTog0.dll" [2010-04-15 2515552]

    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2009-10-01 3634024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]

    c:\users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-08 35840]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 93840]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-01-13 226832]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-09-05 48216]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 75288]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 279752]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-12-17 2850296]
    S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 566152]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
    S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-09-19 84752]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 62416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 440688]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1152000]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{F3CE28CA-0276-4127-8D93-F92087718AB5}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF15509.cfxxe" [X]
    "DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    AddRemove-Ask Toolbar_is1 - c:\program files (x86)\AskBarDis\unins000.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2guard.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-27 19:29:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-28 00:29
    ComboFix2.txt 2010-12-19 23:39

    Pre-Run: 360,859,230,208 bytes free
    Post-Run: 360,460,808,192 bytes free

    - - End Of File - - 32D237495E5B0B263D5FB72A66132D56
     