Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Tellemurius]

results:

Spoiler (click to show/hide)

ComboFix 11-02-15.01 - alex 02/15/2011  14:07:27.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4026.2863 [GMT -7:00]
Running from: c:\users\alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop

.
(((((((((((((((((((((((((   Files Created from 2011-01-15 to 2011-02-15  )))))))))))))))))))))))))))))))
.

2011-02-15 21:15 . 2011-02-15 21:15   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-02-15 20:18 . 2011-01-13 09:20   7844688   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CA4A219-42ED-4D25-B53C-330968E830AF}\mpengine.dll
2011-02-14 03:39 . 2011-02-14 03:39   --------   d-----w-   c:\users\alex\AppData\Local\Unity
2011-02-13 19:24 . 2011-02-13 19:24   82774   ----a-w-   c:\windows\Uninstall Jade Empire.exe
2011-02-13 19:08 . 2011-02-13 19:30   --------   d-----w-   c:\program files (x86)\Jade Empire
2011-02-12 16:26 . 2011-02-12 16:26   --------   d--h--w-   c:\windows\PIF
2011-02-12 16:26 . 2011-02-12 16:26   --------   d-----w-   c:\programdata\Media Center Programs
2011-02-11 18:50 . 2011-02-11 18:51   --------   d-----w-   c:\users\alex\AppData\Roaming\wxlauncher
2011-02-11 18:50 . 2011-02-11 18:50   292   ----a-w-   c:\users\alex\AppData\Local\TemE586.tmp
2011-02-11 05:11 . 2011-02-12 04:28   --------   d-----w-   c:\program files (x86)\Common Files\Steam
2011-02-11 05:11 . 2011-02-15 21:19   --------   d-----w-   c:\program files (x86)\Steam
2011-02-11 03:00 . 2011-02-11 03:10   --------   d-----w-   c:\program files (x86)\Rogue Survivor Alpha 6
2011-02-10 15:46 . 2011-02-10 15:46   --------   d-----w-   c:\program files (x86)\MidgetReaper
2011-02-10 14:08 . 2010-12-18 03:35   2381824   ----a-w-   c:\windows\system32\mshtml.tlb
2011-02-10 14:08 . 2010-12-18 03:15   2381824   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-02-10 14:08 . 2010-12-18 03:39   1502208   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-02-10 14:08 . 2010-12-18 03:19   1448448   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2011-02-09 18:26 . 2010-10-27 05:18   5510528   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-02-09 18:26 . 2010-10-27 05:16   1739176   ----a-w-   c:\windows\system32\ntdll.dll
2011-02-09 18:26 . 2010-10-27 04:43   3901824   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2011-02-09 18:26 . 2010-10-27 04:43   3957120   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2011-02-09 18:26 . 2010-10-27 04:40   1293120   ----a-w-   c:\windows\SysWow64\ntdll.dll
2011-02-09 18:26 . 2011-01-07 08:06   46080   ----a-w-   c:\windows\system32\atmlib.dll
2011-02-09 18:26 . 2011-01-07 07:27   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-02-09 18:26 . 2011-01-07 05:49   366080   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 18:26 . 2011-01-07 05:33   294400   ----a-w-   c:\windows\SysWow64\atmfd.dll
2011-02-09 04:17 . 2011-02-09 04:17   --------   d-----w-   c:\users\alex\AppData\Local\Electronic Arts
2011-02-09 04:17 . 2011-02-09 04:17   --------   d-----w-   c:\programdata\Electronic Arts
2011-02-09 02:34 . 2011-02-09 02:34   --------   d-----w-   c:\program files (x86)\Microsoft WSE
2011-02-08 18:04 . 2011-02-08 18:04   --------   d-----w-   c:\users\alex\AppData\Roaming\SystemRequirementsLab
2011-02-07 17:40 . 2011-02-08 16:16   --------   d-----w-   c:\program files (x86)\UnRealWorld
2011-02-06 08:33 . 2011-02-06 08:35   --------   d-----w-   c:\users\alex\AppData\Roaming\Mount&Blade Warband
2011-02-06 08:26 . 2011-02-06 08:28   --------   d-----w-   c:\program files (x86)\Mount&Blade Warband
2011-02-05 15:06 . 2010-04-11 00:19   982240   ----a-w-   c:\windows\SysWow64\igkrng500.bin
2011-02-05 15:06 . 2010-04-11 00:19   982240   ----a-w-   c:\windows\system32\igkrng500.bin
2011-02-05 15:06 . 2010-04-11 00:19   92672   ----a-w-   c:\windows\system32\igfxCoIn_v2104.dll
2011-02-05 15:06 . 2010-04-11 00:19   208896   ----a-w-   c:\windows\SysWow64\iglhsip32.dll
2011-02-05 15:06 . 2010-04-11 00:19   205824   ----a-w-   c:\windows\system32\iglhsip64.dll
2011-02-05 15:06 . 2010-04-11 00:19   187392   ----a-w-   c:\windows\system32\iglhcp64.dll
2011-02-05 15:06 . 2010-04-11 00:19   143360   ----a-w-   c:\windows\SysWow64\iglhcp32.dll
2011-02-05 15:06 . 2010-08-26 02:23   4411904   ----a-w-   c:\windows\SysWow64\igd10umd32.dll
2011-02-05 15:06 . 2010-04-11 00:19   92356   ----a-w-   c:\windows\SysWow64\igfcg500m.bin
2011-02-05 15:06 . 2010-04-11 00:19   92356   ----a-w-   c:\windows\system32\igfcg500m.bin
2011-02-05 15:06 . 2010-04-11 00:19   439308   ----a-w-   c:\windows\SysWow64\igcompkrng500.bin
2011-02-05 15:06 . 2010-04-11 00:19   439308   ----a-w-   c:\windows\system32\igcompkrng500.bin
2011-02-04 21:11 . 2011-02-04 21:11   --------   d-----w-   c:\program files (x86)\DOSBox-0.74
2011-02-04 06:17 . 2011-02-04 06:17   --------   d-----w-   c:\program files (x86)\Will
2011-02-04 03:02 . 2011-02-04 03:02   --------   d-----w-   c:\users\alex\AppData\Local\Windows Live Writer
2011-02-04 03:02 . 2011-02-04 03:02   --------   d-----w-   c:\users\alex\AppData\Roaming\Windows Live Writer
2011-02-04 01:27 . 2011-02-04 01:27   --------   d-----w-   c:\program files (x86)\Mumble
2011-02-03 22:53 . 2011-02-03 22:53   --------   d-----w-   c:\users\alex\AppData\Local\BuildAGadget Content
2011-02-03 22:24 . 2011-02-03 22:25   --------   d-----w-   C:\ubuntu
2011-02-03 17:34 . 2011-02-04 20:41   --------   d-----w-   c:\program files (x86)\VentSrv
2011-02-03 17:29 . 2011-02-03 17:40   --------   d-----w-   c:\users\alex\AppData\Roaming\Ventrilo
2011-02-03 16:00 . 2011-02-03 16:00   --------   d-----w-   c:\program files\Ventrilo
2011-02-03 15:59 . 2011-02-03 17:33   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2011-02-01 14:43 . 1997-06-02 19:32   314880   ----a-w-   c:\windows\IsUninst.exe
2011-02-01 14:34 . 2011-02-01 14:34   --------   d-----w-   c:\program files (x86)\Orange Tree Software
2011-01-29 14:01 . 2011-01-29 14:01   350208   ----a-w-   c:\windows\SysWow64\d3drm.dll
2011-01-29 14:01 . 2011-01-29 14:01   1227264   ----a-w-   c:\windows\SysWow64\dx8vb.dll
2011-01-29 14:01 . 2011-01-29 14:00   619008   ----a-w-   c:\windows\SysWow64\dx7vb.dll
2011-01-28 23:10 . 2011-02-09 19:11   --------   d-----w-   C:\duke3d
2011-01-27 13:45 . 2011-01-27 13:45   --------   d-----w-   c:\users\alex\AppData\Local\FalloutNV
2011-01-25 07:14 . 2011-02-06 05:42   --------   d-----w-   c:\users\alex\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2011-01-25 07:05 . 2011-02-12 16:25   --------   d-----w-   c:\program files (x86)\Electronic Arts
2011-01-25 03:08 . 2011-01-25 03:08   61440   ----a-r-   c:\users\alex\AppData\Roaming\Microsoft\Installer\{EBB0DBE0-0F60-4915-85FA-EACA6B317745}\_6FAD1E8CCB49_44C2_A595_6843AFBA20CB.exe
2011-01-25 03:04 . 2011-01-25 03:11   --------   d-----w-   c:\program files (x86)\Liar
2011-01-25 01:12 . 2011-01-25 03:18   --------   d-----w-   c:\programdata\PPLive
2011-01-25 01:12 . 2010-12-10 05:18   624056   ----a-w-   c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.445\mframe.dll
2011-01-25 01:12 . 2010-12-10 05:18   312768   ----a-w-   c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.445\ppp.dll
2011-01-25 01:12 . 2010-12-10 05:18   247304   ----a-w-   c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll
2011-01-24 23:37 . 2011-01-24 23:37   539968   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-24 02:34 . 2011-01-24 02:36   --------   d-----w-   c:\users\Public\NPVR
2011-01-24 02:13 . 2011-01-24 02:13   --------   d-----w-   c:\programdata\MySQL
2011-01-24 02:13 . 2011-01-24 02:13   --------   d-----w-   c:\program files (x86)\MySQL
2011-01-24 02:01 . 2011-01-24 02:01   --------   d-----w-   c:\users\alex\AppData\Roaming\mythtv
2011-01-24 01:34 . 2011-01-24 01:44   --------   d-----w-   c:\program files (x86)\JoWooD
2011-01-24 00:49 . 2011-01-24 02:55   --------   d-----w-   c:\users\alex\AppData\Roaming\XBMC
2011-01-24 00:47 . 2011-01-24 00:48   --------   d-----w-   c:\program files (x86)\XBMC
2011-01-24 00:10 . 2011-02-11 18:27   419840   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-01-24 00:10 . 2011-02-11 18:27   133632   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-01-24 00:10 . 2011-02-11 18:27   --------   d-----w-   c:\program files (x86)\OpenAL
2011-01-24 00:09 . 2011-02-11 18:27   413696   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2011-01-24 00:09 . 2011-02-11 18:27   110592   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2011-01-23 23:56 . 2011-01-23 23:56   --------   d-----w-   c:\program files (x86)\CENEGA
2011-01-23 18:34 . 2011-01-13 09:20   7844688   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-23 03:57 . 2011-01-23 03:57   --------   d-----w-   C:\ab1ffc50a6796272ad2b0326
2011-01-22 23:23 . 2011-01-22 23:23   --------   d-----w-   c:\windows\en
2011-01-22 23:21 . 2011-01-22 23:21   --------   dc----w-   c:\windows\system32\DRVSTORE
2011-01-22 23:21 . 2010-09-23 07:36   48488   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
2011-01-22 23:21 . 2011-01-22 23:21   --------   d-----w-   c:\program files\Windows Live
2011-01-22 23:21 . 2011-01-22 23:21   --------   d-----w-   c:\program files (x86)\MSN Toolbar
2011-01-22 23:21 . 2011-01-22 23:21   --------   d-----w-   c:\program files (x86)\Bing Bar Installer
2011-01-22 23:20 . 2011-01-22 23:20   469256   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\e9dee7001cbba8a2d\InstallManager_WLE_WLE.exe
2011-01-22 23:19 . 2011-01-22 23:19   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\e1c82a8e1cbba8a21\MeshBetaRemover.exe
2011-01-22 23:19 . 2011-01-22 23:19   94040   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\da0e83981cbba8a1a\DSETUP.dll
2011-01-22 23:19 . 2011-01-22 23:19   525656   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\da0e83981cbba8a1a\DXSETUP.exe
2011-01-22 23:19 . 2011-01-22 23:19   1691480   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\da0e83981cbba8a1a\dsetup32.dll
2011-01-22 23:19 . 2011-01-22 23:19   525656   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\d9250a8d1cbba8a19\DXSETUP.exe
2011-01-22 23:19 . 2011-01-22 23:19   1691480   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\d9250a8d1cbba8a19\dsetup32.dll
2011-01-22 23:19 . 2011-01-22 23:19   94040   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\d9250a8d1cbba8a19\DSETUP.dll
2011-01-22 23:19 . 2011-02-04 03:02   --------   d-----w-   c:\users\alex\AppData\Local\Windows Live
2011-01-22 23:18 . 2009-10-10 03:17   14336   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys
2011-01-22 23:16 . 2010-03-04 04:40   184832   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2011-01-22 23:16 . 2010-03-04 04:32   243712   ----a-w-   c:\windows\system32\drivers\ks.sys
2011-01-22 23:10 . 2011-01-22 23:10   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60AC8AD0-B9C1-4A2D-A3C7-3740C43D1D71}\gapaengine.dll
2011-01-22 23:10 . 2009-09-26 06:20   223448   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2011-01-22 23:07 . 2011-01-22 23:07   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-01-22 23:06 . 2011-01-22 23:07   --------   d-----w-   c:\program files\Microsoft Security Client
2011-01-22 23:06 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
2011-01-22 23:06 . 2010-07-13 05:37   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2011-01-22 22:40 . 2011-01-23 03:57   --------   d-----w-   c:\program files (x86)\Microsoft.NET
2011-01-22 22:40 . 2011-01-22 22:40   --------   d-----w-   c:\windows\PCHEALTH
2011-01-22 22:37 . 2011-01-22 22:37   --------   d-----w-   c:\program files (x86)\Microsoft Analysis Services
2011-01-22 22:36 . 2011-01-22 22:36   --------   d-----r-   C:\MSOCache
2011-01-22 16:39 . 2011-01-22 16:39   --------   d--h--r-   c:\users\alex\AppData\Roaming\SecuROM
2011-01-22 16:39 . 2011-01-22 16:39   178800   ----a-w-   c:\windows\SysWow64\CmdLineExt_x64.dll
2011-01-22 16:39 . 2011-01-22 18:00   --------   d-----w-   c:\users\alex\AppData\Local\Oblivion
2011-01-20 16:53 . 2011-01-21 14:34   --------   d-----w-   c:\users\alex\AppData\Roaming\PlaneShift
2011-01-20 16:53 . 2011-01-20 16:54   --------   d-----w-   c:\users\alex\AppData\Roaming\CrystalApp
2011-01-20 16:53 . 2011-01-20 16:53   --------   d-----w-   c:\users\alex\AppData\Roaming\CrystalSpace
2011-01-20 16:51 . 2011-01-21 14:37   --------   d-----w-   c:\program files\PlaneShift
2011-01-20 00:56 . 2011-02-08 04:09   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-01-20 00:46 . 2011-01-20 00:46   4277016   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-20 00:45 . 2011-01-20 00:45   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 13:54 . 2010-12-29 21:30   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-01-26 23:54 . 2010-12-29 21:30   4277016   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-26 23:54 . 2010-12-29 21:30   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-26 23:53 . 2010-12-29 21:30   539968   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-22 23:01 . 2010-12-25 18:00   626438   ----a-w-   c:\programdata\bdinstall.bin
2011-01-01 00:54 . 2011-01-01 00:55   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-25 136176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"EADM"="c:\program files (x86)\Electronic Arts\EADM\EADMUI.exe" [2011-02-03 11509760]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-02-11 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2010-10-28 170080]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-26 828912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]

.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 01:12]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 01:12]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286034404-2381146588-1371126715-1000Core.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 20:20]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1286034404-2381146588-1371126715-1000UA.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 20:20]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cid-3574442db2060672.skydrive.live.com/home.aspx?sa=907452891
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: {3A4EECE8-BA29-4918-A214-008192801A81} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\1ej04z8t.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1296144552&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fskydrive.live.com%2Fhome.aspx&lc=1033&id=250206&cbcxt=sky
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1286034404-2381146588-1371126715-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-1286034404-2381146588-1371126715-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-1286034404-2381146588-1371126715-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-02-15  14:26:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-15 21:26

Pre-Run: 149,233,000,448 bytes free
Post-Run: 149,673,353,216 bytes free

- - End Of File - - 53F62433B5F23C8FA024C50BF8AD16A3

i notice that i am missing 2 desktop icons, i know one of them was steam and the other was morrowind.

[Lord Shonus]

I notice that you have lower memory usage post-run. Did your problem clear up?

[Tellemurius]

i have no idea what that was.

[G-Flex]

I suggest posting those results to BleepingComputer's forums; you'll certainly be able to find help there from people familiar with ComboFix.

[Tellemurius]

no its still doing it >.>

[G-Flex]

Then just paste the URL into the address bar. You said that works, right?

Or try booting into safe mode with networking support, and see if the problem persists there.

[Tellemurius]

omg, i switched to openDNS and there is no more redirects O_o

[G-Flex]

Where did you change your DNS settings? On your computer or your router?

Also, are you sure that did it, and that it wasn't combofix removing... something?

[Tellemurius]

alright i changed the DNS settings on my computer then wiped my dns cache. Combofix didn't work because i tested it after and i still got redirected.

[G-Flex]

alright i changed the DNS settings on my computer then wiped my dns cache. Combofix didn't work because i tested it after and i still got redirected.

From what I know, Combofix can do a few things, which is why I suggested posting on their forums for advice.

At any rate, what were the DNS settings on your computer before you changed them? Do you remember? They should have just been set to point to your router via "obtain DNS address automatically". Was some other address listed instead?

Ideally, you probably want to specify DNS server on the router, and then leave your computer's TCP/IP settings to detect DNS settings automatically.

[Tellemurius]

yea it was set to automatic settings for the router before i changed it. frankly, the qwest DNS sucks, i couldn't connect to shit most of the time.