Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.htmlProgram started at: 05/11/2012 07:07:32 PM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 412823 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 14600 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 384 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.
Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.
Restoring the Start Menu.
* 2 Shortcuts and Desktop items were restored.
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
Restarting Explorer.exe in order to apply changes.
Program finished at: 05/11/2012 07:19:39 PM
Execution time: 0 hours(s), 12 minute(s), and 7 seconds(s)
ComboFix 12-05-11.03 - jeff 05/11/2012 19:36:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1033 [GMT -4:00]
Running from: c:\users\jeff\Documents\Desktop\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\TELEVI~2\bar\1.bin\64BAr.dll
c:\program files\avg_free_stb_all_2011_1136_upgrade.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\ie3sh.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\3.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\5.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\5.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\5.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\5.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\5.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\5.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\5.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\5.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\5.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\5.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IEOVR.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\5.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\program files\SGPSA\SearchAssistant.dll
c:\program files\SM
c:\program files\SM\FF\chrome.manifest
c:\program files\SM\FF\content\addDialog.xul
c:\program files\SM\FF\content\firefoxOverlay.xul
c:\program files\SM\FF\content\globals.js
c:\program files\SM\FF\content\main.js
c:\program files\SM\FF\content\overlay.js
c:\program files\SM\FF\content\prefs.xul
c:\program files\SM\FF\defaults\preferences\my_addon.js
c:\program files\SM\FF\install.rdf
c:\program files\SM\FF\locale\en-US\manyffaddon.dtd
c:\program files\SM\FF\locale\en-US\manyffaddon.properties
c:\program files\SM\FF\locale\en-US\my_addon.dtd
c:\program files\SM\FF\skin\my_addon.css
c:\program files\SM\FF\skin\overlay.css
c:\program files\SM\unins000.dat
c:\program files\SM\unins000.exe
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\1.bin\64auxstb.dll
c:\program files\TelevisionFanatic\bar\1.bin\64BAr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64DAtact.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dlghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64DYn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64FEedmg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files\TelevisionFanatic\bar\1.bin\64HTml.dll
c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files\TelevisionFanatic\bar\1.bin\64httpct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files\TelevisionFanatic\bar\1.bin\64mlbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64MSg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64Plugin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64RAdio.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regfft.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regiet.dll
c:\program files\TelevisionFanatic\bar\1.bin\64script.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files\TelevisionFanatic\bar\1.bin\64tpinst.dll
c:\program files\TelevisionFanatic\bar\1.bin\64uabtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files\TelevisionFanatic\bar\1.bin\INSTALL.RDF
c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files\TelevisionFanaticEI
c:\programdata\SPL9618.tmp
c:\programdata\SPLB1D1.tmp
c:\programdata\SPLB7F5.tmp
c:\programdata\SPLC210.tmp
c:\programdata\SPLFE9.tmp
c:\users\jeff\AppData\Local\{2FA27917-42DD-406B-ACE1-8F3513E4DEA4}
c:\users\jeff\AppData\Local\{2FA27917-42DD-406B-ACE1-8F3513E4DEA4}\chrome.manifest
c:\users\jeff\AppData\Local\{2FA27917-42DD-406B-ACE1-8F3513E4DEA4}\chrome\content\_cfg.js
c:\users\jeff\AppData\Local\{2FA27917-42DD-406B-ACE1-8F3513E4DEA4}\chrome\content\overlay.xul
c:\users\jeff\AppData\Local\{2FA27917-42DD-406B-ACE1-8F3513E4DEA4}\install.rdf
c:\users\jeff\AppData\Roaming\Privacy components
c:\users\jeff\AppData\Roaming\Privacy components\dbases\cg.dat
c:\users\jeff\AppData\Roaming\Privacy components\dbases\mw.dat
c:\users\jeff\AppData\Roaming\Privacy components\dbases\rd.dat
c:\users\jeff\AppData\Roaming\Privacy components\dbases\sc.dat
c:\users\jeff\AppData\Roaming\Privacy components\dbases\sm.dat
c:\users\jeff\AppData\Roaming\Privacy components\dbases\sp.dat
c:\users\jeff\AppData\Roaming\Privacy components\keys\cg.key
c:\users\jeff\AppData\Roaming\Privacy components\keys\rd.key
c:\users\jeff\AppData\Roaming\Privacy components\keys\sc.key
c:\users\jeff\AppData\Roaming\Privacy components\keys\sp.key
c:\users\jeff\AppData\Roaming\Privacy components\temp\spfilter
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 21:56 . 2012-05-11 21:56 -------- d-----w- c:\users\jeff\AppData\Roaming\U3
2012-05-10 22:13 . 2012-05-10 22:13 -------- d-----w- c:\users\jeff\AppData\Roaming\DriverCure
2012-05-10 22:13 . 2012-05-10 22:13 -------- d-----w- c:\users\jeff\AppData\Roaming\SpeedyPC Software
2012-05-10 22:13 . 2012-05-10 22:39 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 03:27 . 2012-05-05 03:27 -------- d-----w- c:\program files\Application Updater
2012-05-05 03:27 . 2012-05-05 03:27 -------- d-----w- c:\program files\pdfforge Toolbar
2012-05-03 00:57 . 2012-05-03 00:57 -------- d-----w- c:\program files\Classic Craps
2012-04-12 07:30 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-12 07:14 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:14 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:14 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:14 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:56 . 2012-03-31 12:41 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 16:56 . 2011-06-14 13:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 14:23 . 2012-04-08 14:23 20 ----a-w- c:\users\jeff\AppData\Local\ELITUYIHITAMAGA.DLL
2012-03-14 22:23 . 2012-04-06 18:16 54784 ----a-w- c:\windows\system32\pdfcmon.dll
2012-02-24 23:50 . 2009-05-30 02:52 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-01-04 03:44 . 2011-01-04 03:44 3280472 ----a-w- c:\program files\vpsetup.exe
2011-01-03 23:17 . 2011-01-03 23:17 293176 ----a-w- c:\program files\SoftonicDownloader_for_voice-changer-software.exe
2011-01-03 23:13 . 2011-01-03 23:12 16976896 ----a-w- c:\program files\vcs_cnt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06 721840 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 03:58 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9b97401-98e1-4942-930d-c36652dab7f2}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\TranslatorBar_5\tbTran.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b9b97401-98e1-4942-930d-c36652dab7f2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B9B97401-98E1-4942-930D-C36652DAB7F2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jeff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jeff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jeff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-20 4347120]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Nnusa"="c:\users\jeff\AppData\Local\sLackbkr.dll" [2010-10-22 20]
"Itofuho"="c:\users\jeff\AppData\Local\elituyihitamaga.dll" [2012-04-08 20]
"DVDFab Passkey"="c:\program files\DVDFab Passkey\DVDFabPasskey.exe" [2011-12-10 1136632]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048]
"isCfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-23 607624]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-23 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 88608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2011-06-16 1314308]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-24 983904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
.
c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Forget Me Not.lnk - c:\program files\Mindscape\AGPrint\PMREMIND.EXE [N/A]
RCA Detective.lnk - c:\users\jeff\Documents\RCA Detective\RCADetective.exe [2009-7-19 1069056]
RollerCoaster Tycoon 3 Registration.lnk - c:\users\jeff\AppData\Local\Temp\{A8FCFD41-FC52-4698-8628-2BEF02ACAB35}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [2010-9-3 2991464]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-11-17 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:56]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 01:16]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=baecd383000000000000001fc610954b
mStart Page = hxxp://www.bigseekpro.com/nchfilebulldog/{0751B2CB-B1B9-4012-BAFB-EC522F6B9B55}
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-agent.exe - c:\users\jeff\AppData\Roaming\PC\agent.exe
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-RCA Digital Voice Manager_is1 - c:\users\jeff\Documents\RCA Digital Voice Manager\unins000.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-{654986E1-B6C9-4CA4-A478-B13025E739DE}_is1 - c:\program files\SM\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2012-05-11 19:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?archAssistant.dll?.dll?
??F;?;???c:\program files\Fast Browser Se
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-11 19:51:21
ComboFix-quarantined-files.txt 2012-05-11 23:51
.
Pre-Run: 119,535,456,256 bytes free
Post-Run: 120,618,319,872 bytes free
.
- - End Of File - - BCAD973AB27D59F41AAD726547C33204
