Smitfraud-C.generic...Please Help!

coyotekanta

New member
Spybot S&D detected Smitfraud-C.generic on my laptop, but it could not remove it. It kept insisting an admin needed to be logged in. Malwarebytes identified it as Trojan.agent-svchost.exe. Malwarebytes also could not remove it. My husband installed SmitfraudFix.exe, the svchost removal tool and so on. Nothing worked. Before Smitfraud appeared, I had the "Security Scan" trojan, and I installed TDSSKiller and removed it. And now I cannot remove Smitfraud (windows\svchost.exe). I found Spybot, you guys, now, so please, please help me!

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kaori at 21:13:05 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.684 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\WSED\WSED.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = about:blank
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_S194A.tmp" /EF "HKCU"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun: [<NO NAME>]
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dExplorerRun: [McAfee] C:\Windows\system32\config\systemprofile\AppData\Roaming\F95495.exe
StartupFolder: C:\Users\Kaori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EDA23010-6CF7-447D-86DB-3B96AACEB689} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun-x64: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun-x64: [(Default)]
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kaori\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-02-25 21:17:49 20480 ----a-w- C:\Windows\svchost.exe
2012-02-25 17:55:23 691 ----a-w- C:\Users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55:23 35 ----a-w- C:\Users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-25 10:57:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-23 21:20:45 -------- d-----w- C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34:01 -------- d-----w- C:\Users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33:29 -------- d-----w- C:\Program Files\CheckPoint
2012-02-23 02:33:13 -------- d-----w- C:\ProgramData\CheckPoint
2012-02-23 02:32:44 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-23 02:16:42 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-02-20 01:20:44 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20:04 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp
2012-02-20 01:20:04 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat
2012-02-07 17:20:01 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02:47 -------- d-----w- C:\Users\Kaori\AppData\Local\DDMSettings
.
==================== Find3M ====================
.
2012-02-28 00:08:45 3104 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-22 12:35:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-20 01:27:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:18:32.76 ===============
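For anyone reading a DDS log like the one above, the lines that matter are easy to miss among the legitimate processes. The indicators visible in this post are: a file named svchost.exe sitting in C:\Windows rather than System32 (the "-netsvcs" process with no image path is its running instance), hosts-file entries pointing www.google.com and www.bing.com at 94.63.147.16/17, UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), autoruns under the system profile's AppData (dplaysvr.exe, F95495.exe), and two scripts dropped in the user's AppData\Roaming. The script below is an added example, not part of the original post or of the DDS/Spybot tools: it embeds lines copied from the log above as a constructed sample and runs a few simple rules over them. The rule names and the heuristics themselves are my own assumptions, not anything the DDS author defines.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the DDS log in the post,
# with a few benign lines from the same log so the rules have something to ignore.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SysWOW64\cscript.exe
-netsvcs
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dExplorerRun: [McAfee] C:\Windows\system32\config\systemprofile\AppData\Roaming\F95495.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
2012-02-25 21:17:49 20480 ----a-w- C:\Windows\svchost.exe
2012-02-25 17:55:23 691 ----a-w- C:\Users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55:23 35 ----a-w- C:\Users\Kaori\AppData\Roaming\SetValue.bat
"""

# A Windows image path as DDS prints it: drive letter up to the first known
# executable/script extension (non-greedy, so "Program Files (x86)" survives).
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|sys|vbs|bat|cmd|scr))(?=[\s"\]]|$)', re.IGNORECASE)
HOSTS_RE = re.compile(r'^Hosts:\s+(\S+)\s+(\S+)')
UAC_RE = re.compile(r'^mPolicies-system:\s+(\w+)\s*=\s*(\d+)')
# A script file sitting directly in AppData\Roaming (not in a vendor subfolder).
SCRIPT_IN_ROAMING_RE = re.compile(r'\\appdata\\roaming\\[^\\]+\.(?:vbs|bat|cmd)$')
# DDS prints only the argument when it cannot resolve the image path.
BARE_ARG_RE = re.compile(r'^-\w+$')

# The only directories the real svchost.exe lives in on a 64-bit Windows 7 box.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# Hosts entries resolving to these are harmless; anything else is a redirect.
LOCAL_HOSTS = {"127.0.0.1", "0.0.0.0", "::1"}
# Policy values that, when 0, remove the UAC prompt for admin users.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


@dataclass(frozen=True)
class Finding:
    rule: str      # rule name (assumed naming, not a DDS term)
    evidence: str  # the log line that triggered it


def check_line(line: str) -> list[Finding]:
    """Apply every rule to one DDS line and return the findings."""
    s = line.strip()
    out: list[Finding] = []
    if not s:
        return out

    m = HOSTS_RE.match(s)
    if m and m.group(1) not in LOCAL_HOSTS:
        out.append(Finding("hosts-redirect", s))

    m = UAC_RE.match(s)
    if m and m.group(1) in UAC_KEYS and m.group(2) == "0":
        out.append(Finding("uac-disabled", s))

    if BARE_ARG_RE.match(s):
        out.append(Finding("process-without-path", s))

    for path in PATH_RE.findall(s):
        low = path.lower()
        parent, _, name = low.rpartition("\\")
        parent += "\\"
        if name == "svchost.exe" and not parent.endswith(SYSTEM_DIRS):
            out.append(Finding("svchost-outside-system32", s))
        if "\\config\\systemprofile\\appdata\\" in low:
            out.append(Finding("systemprofile-autorun", s))
        if SCRIPT_IN_ROAMING_RE.search(low):
            out.append(Finding("script-in-appdata", s))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run check_line over a whole pasted log."""
    return [f for line in log_text.splitlines() for f in check_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.evidence}")
```

The point of the path rule is that the file name alone proves nothing: every `C:\Windows\system32\svchost.exe -k ...` line passes, while the single `C:\Windows\svchost.exe` entry in "Created Last 30" is flagged. The hosts rule reads the same `Hosts:` lines DDS extracts from %SystemRoot%\System32\drivers\etc\hosts; if you are on the machine itself you can check that file directly.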
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
A new DDS log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Thank you for your reply! I really appreciate it.
I read "Before you post" and ran ERUNT; I also nuked the firewall and AVG, disabled Spybot's TeaTimer, and ran ComboFix. One message came out, saying "C:\Windows\System32\GfxUI.exe A device attached to the system is not functioning". Clicked OK (there were no other choices).

Here is the ComboFix report. (Let me attach C:\....report later.)


ComboFix 12-02-27.02 - Kaori 02/28/2012 17:28:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1206 [GMT -5:00]
Running from: c:\users\Kaori\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 22:38 . 2012-02-28 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 22:12 . 2012-02-28 22:25 88576 ----a-w- c:\windows\ff.exe
2012-02-28 21:32 . 2012-02-28 22:17 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 21:17 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 21:20 . 2012-02-23 22:55 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 01:14 33280 --sh--w- c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"McAfee"="c:\windows\system32\config\systemprofile\AppData\Roaming\F95495.exe" [2009-07-14 33280]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ETDWare - \Elantech\ETDCtrl.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-28 17:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 22:48
.
Pre-Run: 280,209,448,960 bytes free
Post-Run: 279,871,164,416 bytes free
.
- - End Of File - - 9F2A919591AB18448C60F18224589ACD
 
new DDS after running ComboFix

Here is my new DDS....Thanks again, thanks for helping me!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kaori at 19:50:06 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.467 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files (x86)\WSED\WSED.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
-netsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\SWSC.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ"&"prod=90"&"ver=10.0.1424
dExplorerRun: [McAfee] C:\Windows\system32\config\systemprofile\AppData\Roaming\F95495.exe
StartupFolder: C:\Users\Kaori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EDA23010-6CF7-447D-86DB-3B96AACEB689} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun-x64: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ"&"prod=90"&"ver=10.0.1424
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kaori\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-28 92160]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-25 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\l1c51x64.sys --> C:\Windows\system32\DRIVERS\l1c51x64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-02-28 22:40:53 -------- d-----w- C:\$RECYCLE.BIN
2012-02-28 22:24:49 -------- d-----w- C:\ComboFix
2012-02-28 22:12:05 88576 ----a-w- C:\Windows\ff.exe
2012-02-28 21:58:21 256000 ----a-w- C:\Windows\PEV.exe
2012-02-28 21:58:21 208896 ----a-w- C:\Windows\MBR.exe
2012-02-28 21:58:20 98816 ----a-w- C:\Windows\sed.exe
2012-02-28 21:58:20 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-28 21:32:09 -------- d-----w- C:\Users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-25 21:17:49 20480 ----a-w- C:\Windows\svchost.exe
2012-02-25 17:55:23 691 ----a-w- C:\Users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55:23 35 ----a-w- C:\Users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-25 10:57:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-23 21:20:45 -------- d-----w- C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34:01 -------- d-----w- C:\Users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33:29 -------- d-----w- C:\Program Files\CheckPoint
2012-02-23 02:33:13 -------- d-----w- C:\ProgramData\CheckPoint
2012-02-23 02:32:44 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-23 02:16:42 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-02-20 01:20:44 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20:04 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp
2012-02-20 01:20:04 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat
2012-02-07 17:20:01 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02:47 -------- d-----w- C:\Users\Kaori\AppData\Local\DDMSettings
.
==================== Find3M ====================
.
2012-02-28 00:08:45 3104 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-22 12:35:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-20 01:27:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2009-07-14 01:14:53 33280 --sh--w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe
.
============= FINISH: 19:51:25.44 ===============
 
firewall...

Well...I forgot to check if Windows Firewall was on when I deleted ZoneAlarm...Windows Firewall was back on when I ran ComboFix....
Hope it did not interfere...

Just in case, I'm letting you know....
 
Hi again,

That went ok. Let's continue :)

Open Notepad and copy/paste the text in the quote box below into it:

Code:
http://forums.spybot.info/showthread.php?p=422290#post422290
Suspect::[76]
c:\windows\ff.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe
File::
c:\windows\svchost.exe
DDS::
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
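A defender-side triage helper for DDS logs like the ones posted in this thread, added here as an example; it is not code from the thread or from the DDS, ComboFix or Spybot authors. It flags any svchost.exe that is running from, or was created outside, Windows\System32 and Windows\SysWOW64 (the only places a genuine svchost.exe lives on this 64-bit Windows 7), which is exactly how the c:\windows\svchost.exe named in the CFScript and the c:\\.\globalroot\systemroot\svchost.exe process stand out, and it also reports the mPolicies-system values in the log that show UAC switched off. The sample log inside the block is constructed to mirror the lines in the DDS output above.

```python
"""Triage helper for DDS logs (added example, not the DDS/ComboFix authors'
code).  It reads the 'Running Processes' and 'Created Last 30' sections
and flags any svchost.exe outside its legitimate directories, and reads the
'Pseudo HJT Report' section for mPolicies-system values that disable UAC."""
import re

# Directories of a genuine svchost.exe on 64-bit Windows 7 (lower-cased).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# mPolicies-system values that mean UAC is no longer protecting the user.
UAC_OFF_VALUES = {
    "EnableLUA": "0",                   # UAC disabled altogether
    "ConsentPromptBehaviorAdmin": "0",  # elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompts, if any, not on secure desktop
}

_HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# A process line: an image path ending in .exe, optionally followed by args
# such as '-k netsvcs'; lines like the stray '-netsvcs' do not match.
_IMAGE_RE = re.compile(r"^(.+?\.exe)(?:\s.*)?$", re.IGNORECASE)
# A 'Created Last 30' line: date time size attributes path.
_CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
_POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")


def split_sections(log_text):
    """Map each '=== Title ===' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def is_rogue_svchost(image_path):
    """True when the path names svchost.exe outside its legitimate directories.

    The \\\\.\\globalroot\\systemroot alias resolves to the Windows directory,
    so a process started that way is also flagged: its directory is not
    one of the two expected ones."""
    directory, _, name = image_path.lower().rpartition("\\")
    return name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS


def triage(log_text):
    """Return {'rogue_svchost': [(section, path)], 'uac_off': [(policy, value)]}."""
    sections = split_sections(log_text)
    rogue, uac_off = [], []
    for line in sections.get("Running Processes", []):
        m = _IMAGE_RE.match(line)
        if m and is_rogue_svchost(m.group(1)):
            rogue.append(("Running Processes", m.group(1)))
    for line in sections.get("Created Last 30", []):
        m = _CREATED_RE.match(line)
        if m and is_rogue_svchost(m.group(1)):
            rogue.append(("Created Last 30", m.group(1)))
    for line in sections.get("Pseudo HJT Report", []):
        m = _POLICY_RE.match(line)
        if m and UAC_OFF_VALUES.get(m.group(1)) == m.group(2):
            uac_off.append((m.group(1), m.group(2)))
    return {"rogue_svchost": rogue, "uac_off": uac_off}


# Constructed sample in the shape of the DDS log posted in this thread.
SAMPLE_LOG = "\n".join([
    "============== Running Processes ===============",
    ".",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe",
    "-netsvcs",
    r"c:\\.\globalroot\systemroot\svchost.exe",
    ".",
    "============== Pseudo HJT Report ===============",
    ".",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    ".",
    "=============== Created Last 30 ================",
    ".",
    r"2012-02-28 22:40:53 -------- d-----w- C:\$RECYCLE.BIN",
    r"2012-02-25 21:17:49 20480 ----a-w- C:\Windows\svchost.exe",
    ".",
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, path in result["rogue_svchost"]:
        print(f"[{section}] svchost.exe outside System32/SysWOW64: {path}")
    for policy, value in result["uac_off"]:
        print(f"UAC weakened: {policy} = {value}")
```

Run it against a real dds.txt by passing the file's contents to triage(); a hit in either list is a reason to have the file checked before trusting the machine.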
 
ComboFix report after dragging the text file into it.

Thanks!
Here is the ComboFix report after I dragged the text file into it.





ComboFix 12-02-27.02 - Kaori 02/29/2012 15:27:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1233 [GMT -5:00]
Running from: c:\users\Kaori\Desktop\ComboFix.exe
Command switches used :: c:\users\Kaori\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\svchost.exe"
.
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 21:03 . 2012-02-29 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 22:12 . 2012-02-28 22:42 88576 ------w- c:\windows\ff.exe
2012-02-28 21:32 . 2012-02-28 22:17 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 21:17 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 21:20 . 2012-02-23 22:55 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_22.41.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 21:04 . 2012-02-29 21:04 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-02-28 22:39 . 2012-02-28 22:39 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-02-29 20:20 . 2012-02-29 20:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022920120301\index.dat
+ 2012-02-28 20:34 . 2012-02-28 22:41 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022820120229\index.dat
+ 2012-02-20 01:27 . 2012-02-29 20:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-20 01:27 . 2012-02-28 21:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-01-28 05:37 . 2012-02-29 20:15 54096 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-29 20:15 37424 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-02-29 20:15 14376 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
+ 2011-01-28 05:37 . 2012-02-29 20:15 54096 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-29 20:15 37424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-02-29 20:15 14376 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-29 21:04 . 2012-02-29 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-29 21:04 . 2012-02-29 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-28 06:05 . 2012-02-28 22:41 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-28 06:05 . 2012-02-29 20:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-29 21:06 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-02-29 20:20 662512 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-29 20:20 121770 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-29 20:20 662512 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-29 20:20 121770 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-28 22:39 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-29 21:04 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 20:25 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-24 16:13 . 2012-02-29 21:04 4719520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
+ 2012-02-20 19:48 . 2012-02-29 21:04 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-02-20 19:48 . 2012-02-28 22:39 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 20:25 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-02-28 22:55 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-28 22:55 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"McAfee"="c:\windows\system32\config\systemprofile\AppData\Roaming\F95495.exe" [2009-07-14 33280]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-02-29 16:11:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 21:11
ComboFix2.txt 2012-02-28 22:48
.
Pre-Run: 279,684,186,112 bytes free
Post-Run: 279,589,400,576 bytes free
.
- - End Of File - - 7C1704A16DCD3E30E263340A1218E324
Upload was successful
 
ESET doesn't run

Hi, again.
Unfortunately ESET (through IE) did not run, though I clicked "install" as directed. Nothing happened. I read the "FAQ" and tried to fix it but didn't find the same HKEY.....
I have no idea....

Here is a new DDS at least...


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kaori at 16:58:14 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.739 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files (x86)\WSED\WSED.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\SWSC.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ"&"prod=90"&"ver=10.0.1424
dExplorerRun: [McAfee] C:\Windows\system32\config\systemprofile\AppData\Roaming\F95495.exe
StartupFolder: C:\Users\Kaori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EDA23010-6CF7-447D-86DB-3B96AACEB689} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun-x64: [WSED] C:\Program Files (x86)\WSED\WSED.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ"&"prod=90"&"ver=10.0.1424
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kaori\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-28 92160]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-25 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\l1c51x64.sys --> C:\Windows\system32\DRIVERS\l1c51x64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-02-29 21:05:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-29 20:25:37 -------- d-----w- C:\ComboFix
2012-02-28 22:12:05 88576 ------w- C:\Windows\ff.exe
2012-02-28 21:58:21 256000 ----a-w- C:\Windows\PEV.exe
2012-02-28 21:58:21 208896 ----a-w- C:\Windows\MBR.exe
2012-02-28 21:58:20 98816 ----a-w- C:\Windows\sed.exe
2012-02-28 21:58:20 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-28 21:32:09 -------- d-----w- C:\Users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-25 21:17:49 20480 ----a-w- C:\Windows\svchost.exe
2012-02-25 17:55:23 691 ----a-w- C:\Users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55:23 35 ----a-w- C:\Users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-25 10:57:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-23 21:20:45 -------- d-----w- C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34:01 -------- d-----w- C:\Users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33:29 -------- d-----w- C:\Program Files\CheckPoint
2012-02-23 02:33:13 -------- d-----w- C:\ProgramData\CheckPoint
2012-02-23 02:32:44 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-23 02:16:42 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-02-20 01:20:44 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20:04 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp
2012-02-20 01:20:04 128512 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat
2012-02-07 17:20:01 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02:47 -------- d-----w- C:\Users\Kaori\AppData\Local\DDMSettings
.
==================== Find3M ====================
.
2012-02-28 00:08:45 3104 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-22 12:35:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-20 01:27:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:59:25.32 ======
 
Hi again,

Please see if the ESET scanner runs from Firefox.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?p=422350#post422350
Collect::
C:\Windows\ff.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\F95495.exe
Rootkit::
C:\Windows\svchost.exe
Registry::
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"McAfee"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resulting log (and the ESET results if it ran successfully).
 
ComboFix report

Thanks for taking care of me every day. :)
Here is a new ComboFix report.





ComboFix 12-02-27.02 - Kaori 03/02/2012 1:11.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1066 [GMT -5:00]
Running from: c:\users\Kaori\Desktop\ComboFix.exe
Command switches used :: c:\users\Kaori\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 06:19 . 2012-03-02 06:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 22:12 . 2012-02-28 22:42 88576 ------w- c:\windows\ff.exe
2012-02-28 21:32 . 2012-03-02 05:40 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 21:17 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 21:20 . 2012-02-23 22:55 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_22.41.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-02 06:19 . 2012-03-02 06:19 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-02-28 22:39 . 2012-02-28 22:39 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-02-29 20:20 . 2012-02-29 21:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022920120301\index.dat
+ 2012-02-28 20:34 . 2012-02-28 22:41 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022820120229\index.dat
+ 2012-02-20 01:27 . 2012-03-02 06:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-20 01:27 . 2012-02-28 21:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-01-28 05:37 . 2012-03-02 05:42 54514 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 06:01 37504 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-02 06:01 14678 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
+ 2011-01-28 05:37 . 2012-03-02 05:42 54514 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 06:01 37504 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-02 06:01 14678 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-02 06:20 . 2012-03-02 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-02 06:20 . 2012-03-02 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-28 06:05 . 2012-02-28 22:41 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-28 06:05 . 2012-03-02 06:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-02 06:21 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 662512 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 121770 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 662512 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 121770 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-28 22:39 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-02 06:19 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 06:21 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-24 16:13 . 2012-03-02 06:19 5326560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
+ 2012-02-20 19:48 . 2012-03-02 06:19 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-02-20 19:48 . 2012-02-28 22:39 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 06:09 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-02-29 21:21 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-29 21:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-03-02 01:28:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 06:28
ComboFix2.txt 2012-02-29 21:16
ComboFix3.txt 2012-02-28 22:48
.
Pre-Run: 279,535,755,264 bytes free
Post-Run: 279,305,637,888 bytes free
.
- - End Of File - - 88E880B6E3ECB79F8194684622119BF7
Upload was successful
 
ESET report

I could run ESET after deleting Norton Security Scan.
Here is the report.



C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool\TrojanSVCHOSTRemovalTool.exe a variant of Win32/SecurityStronghold application
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Kaori\Downloads\TrojanSVCHOSTRemovalTool.exe a variant of Win32/SecurityStronghold application
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
 
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 
Good. Please run TDSSKiller again and let it cure the finding this time. Post back the report. Also, please run ComboFix (let it update itself) and post back the log + fresh dds.txt log :)
 
TDSSKiller report after cure

I selected "cure" and it rebooted. I ran TDSSKiller again. It said 0 threats found.
I'm attaching the report after cure.

Also there is ComboFix report.



ComboFix 12-02-27.02 - Kaori 03/02/2012 16:57:22.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1099 [GMT -5:00]
Running from: c:\users\Kaori\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\ff.exe
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 22:04 . 2012-03-02 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 21:44 . 2012-03-02 21:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 06:40 . 2012-03-02 06:40 -------- d-----w- c:\program files (x86)\ESET
2012-02-28 21:32 . 2012-03-02 05:40 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 21:20 . 2012-02-23 22:55 -------- d-----w- c:\program files (x86)\Trojan SVCHOSTRemoval Tool
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ----a-w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_22.41.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-28 22:39 . 2012-02-28 22:39 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-02 22:04 . 2012-03-02 22:04 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-02 06:37 . 2012-03-02 21:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012030220120303\index.dat
+ 2012-02-29 20:20 . 2012-02-29 21:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022920120301\index.dat
+ 2012-02-28 20:34 . 2012-02-28 22:41 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022820120229\index.dat
+ 2012-02-20 01:27 . 2012-03-02 21:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-20 01:27 . 2012-02-28 21:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-01-28 05:37 . 2012-03-02 21:47 54990 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 21:47 37528 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-02 21:47 14702 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2011-02-02 23:36 . 2012-02-25 14:40 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 23:36 . 2012-03-02 21:55 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 23:36 . 2012-02-25 14:40 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-02 23:36 . 2012-03-02 21:55 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 21:55 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 14:40 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-28 05:37 . 2012-03-02 21:47 54990 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 21:47 37528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-02 21:47 14702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
+ 2011-02-02 23:36 . 2012-03-02 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 23:36 . 2012-02-25 14:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 23:36 . 2012-03-02 21:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-02 23:36 . 2012-02-25 14:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 14:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-02 22:05 . 2012-03-02 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-02 22:05 . 2012-03-02 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-28 22:40 . 2012-02-28 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-28 06:05 . 2012-02-28 22:41 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-28 06:05 . 2012-03-02 21:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-02 21:03 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 662512 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 121770 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 662512 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 662512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-29 21:13 121770 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-28 22:27 121770 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-02 22:04 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-28 22:39 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-02 21:03 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 4161536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-24 16:13 . 2012-03-02 22:04 5326560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
+ 2012-02-20 19:48 . 2012-03-02 21:44 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-02-20 19:48 . 2012-02-28 22:39 2581000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-02-28 22:41 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 21:03 11124736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-02 06:37 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 22:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-02 06:37 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-03-02 17:11:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 22:11
ComboFix2.txt 2012-03-02 06:29
ComboFix3.txt 2012-02-29 21:16
ComboFix4.txt 2012-02-28 22:48
.
Pre-Run: 278,952,095,744 bytes free
Post-Run: 278,884,061,184 bytes free
.
- - End Of File - - A5E8E873F02C1118C35FEF30036E7CE8
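Two things in the log above are worth flagging before reading the removal script that follows: the policies\system block shows "EnableLUA"= 0, "ConsentPromptBehaviorAdmin"= 0 and "PromptOnSecureDesktop"= 0, meaning User Account Control is switched off and anything the logged-in administrator runs already has full rights with no prompt; and several autostart entries carry [x], [BU] or no date at all, which is what ComboFix prints when it could not inspect the file. The script below is an added example for this thread, not part of the original posts and not ComboFix's own code. It parses the three line shapes seen in the log (UAC policy values, Run-key entries, service and driver entries) and applies the checks a removal helper makes first: UAC weakened, svchost.exe running from anywhere but System32/SysWOW64, autostarts from profile or odd directories, and entries with no verified file. The sample it runs on copies real lines from the log, except that the "Updater" and "F95495" Run entries are constructed to mirror the poster's windows\svchost.exe report and the F95495.exe path named later in the thread; the interpretation of [x]/[BU] as "file not verified" is an assumption.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# HKLM\...\policies\system values that, at these settings, switch User Account
# Control off or weaken it (Windows 7 semantics).
UAC_WEAK = {
    "EnableLUA": "0",                   # UAC disabled outright
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate silently, no prompt
    "PromptOnSecureDesktop": "0",       # prompts, if any, not on the secure desktop
}

# Lower-case directory prefixes where an installer normally puts autostart binaries.
TRUSTED_PREFIXES = (
    r"c:\program files", r"c:\progra~", r"c:\windows\system32", r"c:\windows\syswow64",
)

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
SVC_LINE = re.compile(r'^[RS]\d\s+(?P<svc>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$')
POLICY_LINE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+)')
HAS_DATE = re.compile(r"\d{4}-\d{1,2}-\d{1,2}")


@dataclass
class Finding:
    kind: str    # "uac", "run" or "service"
    entry: str   # value name, service name or policy key
    path: str    # image path (or the policy value for "uac")
    reason: str


def classify_path(path: str, info: str) -> list[str]:
    """Reasons an autostart image path looks wrong; empty list means nothing notable."""
    reasons: list[str] = []
    p = path.lower()
    parent, _, base = p.rpartition("\\")
    # The poster's complaint was windows\svchost.exe: the genuine one lives only in
    # System32 (plus SysWOW64 on x64) and is started by services.exe.
    if base == "svchost.exe" and parent not in (r"c:\windows\system32", r"c:\windows\syswow64"):
        reasons.append("svchost.exe outside System32/SysWOW64")
    if "\\appdata\\" in p:
        reasons.append("runs from a profile directory (AppData), including the SYSTEM profile")
    elif not p.startswith(TRUSTED_PREFIXES):
        if re.match(r"^[a-z]:\\", p):
            reasons.append("unusual location for an autostart binary")
        else:
            reasons.append("relative path, resolved at run time")
    # ComboFix prints a date and size after each entry it could inspect; [x], [BU],
    # [N/A] or [?] is taken here (assumption) to mean no file was verified.
    if not HAS_DATE.search(info):
        reasons.append(f"no file date/size recorded by ComboFix [{info}]")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log fragment and collect findings, section by section."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry key header such as [HKEY_...\Run]
            continue
        if "policies\\system" in section:
            m = POLICY_LINE.match(line)
            if m and UAC_WEAK.get(m["key"]) == m["val"]:
                findings.append(Finding("uac", m["key"], m["val"], "UAC disabled or weakened"))
            continue
        m = RUN_LINE.match(line)
        if m:
            kind, entry = "run", m["name"]
        else:
            m = SVC_LINE.match(line)
            if not m:
                continue
            kind, entry = "service", m["svc"]
        for reason in classify_path(m["path"], m["info"]):
            findings.append(Finding(kind, entry, m["path"], reason))
    return findings


# Constructed sample: policy, Xvid/Sidebar, ETDWare and service lines are copied from
# the log above; the "Updater" and "F95495" Run entries (and their sizes/dates) are
# made up to mirror the poster's windows\svchost.exe report and the F95495.exe path.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Updater"="c:\windows\svchost.exe" [2012-02-20 51200]
"F95495"="c:\windows\system32\config\systemprofile\AppData\Roaming\F95495.exe" [2012-02-20 6656]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
.
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:7} {f.entry:28} {f.reason}  <- {f.path}")
```

Run it as a script to see the list; nothing it flags is proof of infection on its own (a driver ComboFix could not read because of WOW64 redirection lands in the same bucket as a missing file), but every flagged entry is one to look up before writing a CFScript.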
 
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?t=65312
Collect::
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat
C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp
C:\ProgramData\Microsoft\Windows\DRM\F440.tmp
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\ED57.tmp
C:\Users\All Users\Microsoft\Windows\DRM\F440.tmp
Folder::
C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe
C:\Users\Kaori\Downloads\TrojanSVCHOSTRemovalTool.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe


Save this as
CFScript

A word of warning: neither I nor sUBs are responsible for any damage you may cause to your machine. This tool is not a toy and is not for everyday use.

[image: CFScriptB-4.gif]


Close all browser windows and, referring to the picture above, drag CFScript onto ComboFix.exe (let the tool update itself if prompted).
Then post the resulting log.
 
Cf

Thanks again.

I could not make it yesterday. I was busy.
Then I tried to use ComboFix today; it said it had expired today and would run with reduced functionality.
I exited.

Can I still use it with reduced functionality, or do I have to uninstall/reinstall CF?
 
Did ComboFix ask you if you wanted to update it? It should do this, and you should let it do so. If the prompt was not shown, please download a fresh copy of ComboFix.exe to your desktop and run the CFScript with it.
 
Cf

CF didn't ask to update, so I deleted and reinstalled CF.

Here is a new CF result.

Thanks!




ComboFix 12-03-04.02 - Kaori 03/05/2012 8:14.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1011 [GMT -5:00]
Running from: c:\users\Kaori\Downloads\ComboFix.exe
Command switches used :: c:\users\Kaori\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\Kaori\Downloads\cnet_EFit_installer_exe.exe"
"c:\users\Kaori\Downloads\TrojanSVCHOSTRemovalTool.exe"
"c:\windows\System32\config\systemprofile\AppData\Roaming\F95495.exe"
"c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Trojan SVCHOSTRemoval Tool
c:\program files (x86)\Trojan SVCHOSTRemoval Tool\database.db
c:\program files (x86)\Trojan SVCHOSTRemoval Tool\Results\List-23-02-12-17-55-23.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 13:20 . 2012-03-05 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 21:44 . 2012-03-02 21:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 06:40 . 2012-03-02 06:40 -------- d-----w- c:\program files (x86)\ESET
2012-02-28 21:32 . 2012-03-02 05:40 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ------w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ------w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ------w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_13.05.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-05 13:03 . 2012-03-05 13:03 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-05 13:21 . 2012-03-05 13:21 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-01-28 05:37 . 2012-03-05 13:06 55728 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-05 12:51 37528 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-05 13:06 37528 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-05 13:06 14798 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
+ 2011-01-28 05:37 . 2012-03-05 13:06 55728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-05 13:06 37528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-05 12:51 37528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-05 13:06 14798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2012-03-05 13:04 . 2012-03-05 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 13:22 . 2012-03-05 13:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 13:22 . 2012-03-05 13:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-05 13:04 . 2012-03-05 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-03-05 13:03 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-05 13:21 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-24 16:13 . 2012-03-05 13:21 5643640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
- 2011-05-24 16:13 . 2012-03-05 13:03 5643640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
- 2009-07-14 02:34 . 2012-03-02 22:21 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-05 13:21 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-02 22:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-05 13:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-03-05 08:28:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 13:28
ComboFix2.txt 2012-03-05 13:10
.
Pre-Run: 280,292,651,008 bytes free
Post-Run: 280,242,356,224 bytes free
.
- - End Of File - - DE9C6D98E6C3549DAC02B045DF925DB6
Upload was successful