Thread: Can't remove Win32.Autorun.tmp (newb_dc)

  1. #1

    Can't remove Win32.Autorun.tmp (newb_dc)

    I googled "Can't remove Win32.Autorun.tmp" and saw this forum. I did not follow all the steps I saw within the aforementioned post, but I did run old timer and ComboFix twice to generate a log.

    Here is the 1st log:


    ComboFix 10-12-13.02 - User 12/13/2010 22:08:55.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4092.2643 [GMT -5:00]
    Running from: c:\users\User\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Dealio Toolbar
    c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\parser.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgichevron.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgicomm.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgihandling.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgilisteners.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
    c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgiui.js
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\separator.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
    c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
    c:\program files (x86)\Dealio Toolbar\FF\components\config.ini
    c:\program files (x86)\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
    c:\program files (x86)\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
    c:\program files (x86)\Dealio Toolbar\FF\install.rdf
    c:\program files (x86)\Dealio Toolbar\IE\4.0.2\config.ini
    c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
    c:\program files (x86)\Dealio Toolbar\Res\apple.gif
    c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
    c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
    c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
    c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
    c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
    c:\program files (x86)\Dealio Toolbar\Res\macys.gif
    c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
    c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
    c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
    c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
    c:\program files (x86)\Dealio Toolbar\Res\target.gif
    c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
    c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
    c:\users\User\AppData\Local\{69CB5B20-2C81-49F3-BFCE-8CED9CBFEB8E}
    c:\users\User\AppData\Local\{69CB5B20-2C81-49F3-BFCE-8CED9CBFEB8E}\chrome.manifest
    c:\users\User\AppData\Local\{69CB5B20-2C81-49F3-BFCE-8CED9CBFEB8E}\chrome\content\_cfg.js
    c:\users\User\AppData\Local\{69CB5B20-2C81-49F3-BFCE-8CED9CBFEB8E}\chrome\content\overlay.xul
    c:\users\User\AppData\Local\{69CB5B20-2C81-49F3-BFCE-8CED9CBFEB8E}\install.rdf
    c:\users\User\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
    .

    2010-12-14 03:14 . 2010-12-14 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-11 04:57 . 2010-12-11 04:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2010-12-06 22:11 . 2010-12-06 22:11 -------- d-----w- c:\users\User\AppData\Local\Yahoo!
    2010-12-06 10:17 . 2010-12-06 10:17 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-06 10:15 . 2010-12-06 10:15 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software
    2010-12-06 10:13 . 2010-12-06 19:30 -------- d-----w- c:\programdata\Lavasoft
    2010-12-06 09:50 . 2010-12-06 10:18 -------- d-----w- c:\program files (x86)\PC Tools Security
    2010-12-06 09:24 . 2010-12-06 10:14 -------- d-----w- c:\programdata\PC Tools
    2010-12-03 22:46 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
    2010-12-03 22:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
    2010-12-03 22:38 . 2010-12-03 22:38 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2010-12-03 22:24 . 2010-12-03 22:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-12-03 22:11 . 2009-11-03 22:42 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
    2010-12-03 22:11 . 2010-06-18 16:43 36352 ----a-w- c:\windows\SysWow64\rtutils.dll
    2010-12-03 22:11 . 2010-06-18 17:17 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-12-03 22:11 . 2010-06-22 13:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-03 22:11 . 2010-06-22 12:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-03 22:09 . 2010-09-08 17:30 634648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2010-12-03 22:08 . 2010-09-06 13:44 461824 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-12-03 22:08 . 2010-09-06 13:44 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-12-03 22:08 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2010-12-03 22:08 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2010-12-03 22:08 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
    2010-12-03 22:08 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
    2010-12-03 22:08 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-12-03 22:08 . 2010-09-06 13:44 144896 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-12-03 22:08 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-03 22:08 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-03 22:06 . 2010-06-28 16:55 1923584 ----a-w- c:\windows\system32\ole32.dll
    2010-12-03 22:06 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\SysWow64\ole32.dll
    2010-12-03 22:06 . 2010-06-28 15:07 408064 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-12-03 22:06 . 2010-06-28 14:31 339968 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
    2010-12-03 22:06 . 2010-04-05 16:53 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-12-03 22:06 . 2010-04-05 16:08 317952 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
    2010-12-03 22:06 . 2010-08-10 15:36 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-12-03 22:06 . 2010-08-10 15:02 274432 ----a-w- c:\windows\SysWow64\schannel.dll
    2010-12-03 22:06 . 2010-08-31 13:18 2751488 ----a-w- c:\windows\system32\win32k.sys
    2010-12-03 22:06 . 2010-06-11 16:08 1875456 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-03 22:06 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-12-03 22:06 . 2010-05-27 19:16 81920 ----a-w- c:\windows\SysWow64\iccvid.dll
    2010-12-03 22:06 . 2010-08-17 14:04 267776 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-03 21:58 . 2010-08-20 15:56 1090048 ----a-w- c:\windows\system32\wmpmde.dll
    2010-12-03 21:58 . 2010-08-20 15:21 866816 ----a-w- c:\windows\SysWow64\wmpmde.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 22:42 . 2010-08-24 02:33 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2010-07-24 22:59 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 20:51 . 2009-12-27 20:25 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-10 136176]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [2008-01-21 3154432]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 64000]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 143360]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-08-29 4745216]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2008-08-06 56352]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4014213892-2262253623-3705919220-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 15:12]

    2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4014213892-2262253623-3705919220-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 15:12]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%programFiles%\Windows Defender\MSASCui.exe -hide" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5vkr42g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SmartMenu - %programFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    HKLM-Run-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SysTrayApp - %programFiles%\IDT\WDM\sttray64.exe
    AddRemove-InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187} - c:\progra~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2010-12-13 22:16:19
    ComboFix-quarantined-files.txt 2010-12-14 03:16

    Pre-Run: 242,864,549,888 bytes free
    Post-Run: 242,775,556,096 bytes free

    - - End Of File - - 9C7949CC37535D95C284DE42A329C724


    Here is the 2nd log:


    ComboFix 10-12-13.02 - User 12/13/2010 22:30:08.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4092.2530 [GMT -5:00]
    Running from: c:\users\User\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
    .

    2010-12-14 03:33 . 2010-12-14 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-11 04:57 . 2010-12-11 04:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2010-12-06 22:11 . 2010-12-06 22:11 -------- d-----w- c:\users\User\AppData\Local\Yahoo!
    2010-12-06 10:17 . 2010-12-06 10:17 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-06 10:15 . 2010-12-06 10:15 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software
    2010-12-06 10:13 . 2010-12-06 19:30 -------- d-----w- c:\programdata\Lavasoft
    2010-12-06 09:50 . 2010-12-06 10:18 -------- d-----w- c:\program files (x86)\PC Tools Security
    2010-12-06 09:24 . 2010-12-06 10:14 -------- d-----w- c:\programdata\PC Tools
    2010-12-03 22:46 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
    2010-12-03 22:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
    2010-12-03 22:38 . 2010-12-03 22:38 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2010-12-03 22:24 . 2010-12-03 22:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-12-03 22:11 . 2009-11-03 22:42 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
    2010-12-03 22:11 . 2010-06-18 16:43 36352 ----a-w- c:\windows\SysWow64\rtutils.dll
    2010-12-03 22:11 . 2010-06-18 17:17 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-12-03 22:11 . 2010-06-22 13:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-03 22:11 . 2010-06-22 12:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-03 22:09 . 2010-09-08 17:30 634648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2010-12-03 22:08 . 2010-09-06 13:44 461824 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-12-03 22:08 . 2010-09-06 13:44 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-12-03 22:08 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2010-12-03 22:08 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2010-12-03 22:08 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
    2010-12-03 22:08 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
    2010-12-03 22:08 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-12-03 22:08 . 2010-09-06 13:44 144896 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-12-03 22:08 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-03 22:08 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-03 22:06 . 2010-06-28 16:55 1923584 ----a-w- c:\windows\system32\ole32.dll
    2010-12-03 22:06 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\SysWow64\ole32.dll
    2010-12-03 22:06 . 2010-06-28 15:07 408064 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-12-03 22:06 . 2010-06-28 14:31 339968 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
    2010-12-03 22:06 . 2010-04-05 16:53 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-12-03 22:06 . 2010-04-05 16:08 317952 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
    2010-12-03 22:06 . 2010-08-10 15:36 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-12-03 22:06 . 2010-08-10 15:02 274432 ----a-w- c:\windows\SysWow64\schannel.dll
    2010-12-03 22:06 . 2010-08-31 13:18 2751488 ----a-w- c:\windows\system32\win32k.sys
    2010-12-03 22:06 . 2010-06-11 16:08 1875456 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-03 22:06 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-12-03 22:06 . 2010-05-27 19:16 81920 ----a-w- c:\windows\SysWow64\iccvid.dll
    2010-12-03 22:06 . 2010-08-17 14:04 267776 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-03 21:58 . 2010-08-20 15:56 1090048 ----a-w- c:\windows\system32\wmpmde.dll
    2010-12-03 21:58 . 2010-08-20 15:21 866816 ----a-w- c:\windows\SysWow64\wmpmde.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 22:42 . 2010-08-24 02:33 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2010-07-24 22:59 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 20:51 . 2009-12-27 20:25 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-10 136176]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [2008-01-21 3154432]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 64000]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 143360]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-08-29 4745216]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2008-08-06 56352]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4014213892-2262253623-3705919220-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 15:12]

    2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4014213892-2262253623-3705919220-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 15:12]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="%programFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="%programFiles%\IDT\WDM\sttray64.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5vkr42g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2010-12-13 22:35:20
    ComboFix-quarantined-files.txt 2010-12-14 03:35
    ComboFix2.txt 2010-12-14 03:16

    Pre-Run: 242,817,675,264 bytes free
    Post-Run: 242,778,718,208 bytes free

    - - End Of File - - 02193A7B3CA9F22B97915A193C3A5DBE


    PLEASE help me remove these bugs in advance

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello newb_dc,

    So that everyone is on the same track, please see the forum FAQ, which also includes instructions for posting a preliminary DDS log in post #2.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start a new topic, copy and paste the DDS log into it, provide a link back to this thread, and a volunteer analyst will advise you when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
