i.trakjmp.com, computer screen freeze using firefox [Solved]


  • This topic is locked

#1
heydiddles

    Member
  • 13 posts
Hi, I am having a problem with my computer. The screen often freezes while using the internet and sometimes has a double screen, where there are 2 edges/outlines to the same screen shot. I noticed the loading message down in the left hand corner said something similar to, if not exactly, "loading from i.trkjmp.com", which seems very dodgy and apparently, from what I've been reading, is. Could you please help me to sort out what is going on with my computer and give me some idea how I can repair it? Thanks guys :help:

OTL Extras logfile created on: 16/11/2012 10:31:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\everbody\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1013.23 Mb Total Physical Memory | 223.37 Mb Available Physical Memory | 22.05% Memory free
2.24 Gb Paging File | 1.02 Gb Available in Paging File | 45.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.10 Gb Total Space | 7.26 Gb Free Space | 6.90% Space Free | Partition Type: NTFS
Drive D: | 29.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: EVERBODY-PC | User Name: everbody | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952FE4E6-2562-4311-ADD2-D61AFE451EF5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C90848-F388-498C-9CFF-9803D3503977}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{07FFC55B-D81F-4342-A696-17C145C8C92E}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{0C9C25DD-6549-484C-8EE6-18E8170E1149}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E4564FB-6B56-400D-8822-EA5DD9449D6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{0F7F6A22-8410-448E-8430-41064FBAF7AF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{117B31BC-3D57-4AB1-8613-3A71FE997513}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{179CCB06-469A-4A2F-9A7F-EDFE523B3CC0}" = protocol=17 | dir=in | app=c:\program files\driverboost\driverboost\driverboost.exe |
"{2BB6AEAA-BCD1-4367-80D9-B17D97CF6116}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3765BA04-69B7-43F8-A181-95C5455712DA}" = protocol=17 | dir=in | app=d:\sthiwv\stsetup.exe |
"{4129FE19-B554-43EF-B728-3017F595D776}" = protocol=6 | dir=in | app=c:\program files\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{429F9054-6C15-4EFE-BBBE-B80EE13F4DAD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4BCD953D-9F33-493D-BCBF-F30087CA2ADD}" = protocol=6 | dir=in | app=d:\sthiwv\stsetup.exe |
"{4CCE1E94-AA16-425D-98DD-C57C5247A16D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4E42502E-5BAD-413C-B520-BAEFCA35FDDE}" = protocol=6 | dir=in | app=c:\program files\driverboost\driverboost\driverboost.exe |
"{5A056E66-7082-4A1C-808A-247D81348CF2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6325E589-025C-4535-AFB6-5B1CA77E704E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{67395712-1C80-47DE-87E8-0C46AB451B50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{73024578-50FF-4904-A928-16FA36D99761}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{7E382FA5-3ED8-47B9-8A11-EE1CF836EC8E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{84787A33-253F-4132-A852-87597CD8FD42}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{88491038-DD05-4C88-B6CB-E3D92299DF0C}" = protocol=17 | dir=in | app=c:\program files\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{88BD83BE-1B53-4760-A637-15DE9443EA50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9D27A270-A05E-4816-A46E-64F8B20B6B78}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A13020BC-B38E-402F-B9C7-2D2DED7409EE}" = protocol=17 | dir=in | app=c:\program files\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{A851BFDB-61DC-4573-AA51-F3223DE29A25}" = protocol=6 | dir=in | app=c:\program files\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{A893D9B4-3E10-4CFE-8B4C-0F7E1B09581B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AB454ADD-35AC-46B0-9832-38E69C993A64}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{B6DC2A16-4BFE-431A-BFC7-6809BE45322C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B74A6B78-516F-4A5C-8605-1F12D6D3BBA0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C4A87823-F8DD-4F6B-9465-61DBC15A0D56}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CF177CA8-F466-42FC-8540-4235A3D8C1F5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D96DCBC0-67F0-4D76-94D4-943127C2F68D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E01699FC-CFCE-471A-8CD5-CA0D9FE4F195}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E4BF938E-73E3-440F-9115-E48BA8C8A38A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F3BF45AD-7B3D-4352-A1A4-77FCDAAE2A78}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{FCB1A7E0-98FE-4C48-B8B6-76C5E592CF74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{215A6016-A40F-4D1A-ACBB-D7017771F9FE}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{307B4A5F-1E36-4294-B818-133D7E1DD624}C:\program files\torrentsearch\easydownload.exe" = protocol=6 | dir=in | app=c:\program files\torrentsearch\easydownload.exe |
"TCP Query User{33C7BFC9-F74E-4AF3-8E2E-6BDD71DEEDD0}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{39513C70-5340-4175-8028-9B1F5BF740A4}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{43F3E092-40D5-4719-86A7-74DA290F96AF}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{58D01D57-B1DD-4C6E-B574-B6E45A154065}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{69EF050B-7CAB-47E3-90A2-AF8175596CD8}C:\program files\steam\steamapps\loso_moso\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\loso_moso\team fortress 2\hl2.exe |
"TCP Query User{6CD3894E-6CFE-4B38-8A70-F8479CDAC410}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"TCP Query User{728716B5-55C1-4BAE-8D2B-99766E2A94DB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{78444B22-C04B-4729-98E5-123D486082BD}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{7CF076AD-F118-4541-96AA-7DA4AF1A32C4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{812DACE8-85C3-4FCB-B5A3-DE888BA63875}C:\users\everbody\kag\kag.exe" = protocol=6 | dir=in | app=c:\users\everbody\kag\kag.exe |
"TCP Query User{8E4FA519-5CAD-49CE-AA06-6D87DB4E90FC}C:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"TCP Query User{997B232D-AE83-4689-9964-52D6E803FFDF}C:\users\everbody\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\everbody\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C59A6745-B095-47E7-81FF-44F1D7EFAC5B}C:\users\everbody\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\everbody\appdata\local\akamai\netsession_win.exe |
"TCP Query User{CF8351D5-F9E9-4139-9341-11D9FCF1D1CD}C:\kag\kag.exe" = protocol=6 | dir=in | app=c:\kag\kag.exe |
"TCP Query User{D9628BEC-5622-444E-B1B1-EADB2EEA93AF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DCA7BA7E-46E1-413D-8125-3623A67457B4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{E7FFE2A0-6DF1-4551-920B-5DB3957A5082}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{06545D4E-F0AE-4B1A-A93B-A0556872EF4E}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{1A505C1D-AAA5-4833-99C2-5A03F43739D0}C:\users\everbody\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\everbody\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2B418A6A-2224-429B-86B0-6873F0F62650}C:\program files\torrentsearch\easydownload.exe" = protocol=17 | dir=in | app=c:\program files\torrentsearch\easydownload.exe |
"UDP Query User{2C0F7F47-5424-4136-BCBB-C3FC72DDAFA5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2C5C3528-F0EF-47C8-B26B-510D1DFA8EE7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{45EDB532-153A-4487-87FC-FB38D4EDCFD4}C:\users\everbody\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\everbody\appdata\local\akamai\netsession_win.exe |
"UDP Query User{4872D0F5-9079-474D-A6D1-2C0886041732}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{58F8AFD4-BDEA-437B-8534-2C27CDE42D6C}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{757E10AE-DD91-48AF-9225-05E7454F21A0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{94725522-6D27-48A6-AF07-7BC7FABA92CF}C:\users\everbody\kag\kag.exe" = protocol=17 | dir=in | app=c:\users\everbody\kag\kag.exe |
"UDP Query User{B039A93A-6858-4086-BEC7-38AD1EF59C9E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{BAA49495-E654-434A-AB67-6F8774FD42A8}C:\program files\steam\steamapps\loso_moso\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\loso_moso\team fortress 2\hl2.exe |
"UDP Query User{C51333DF-82F0-4467-9C8C-EE689F75FC64}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{CA04BBCA-8966-4062-837D-B7A96F036B1E}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"UDP Query User{D0F2423B-4995-4A78-B202-4C6185AB0F16}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{D4D96A87-3166-49A6-BECD-8E544C69C737}C:\kag\kag.exe" = protocol=17 | dir=in | app=c:\kag\kag.exe |
"UDP Query User{DA9114B3-396A-4746-9E65-B2631DF1BA1F}C:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"UDP Query User{E63DAA3F-AFB6-4167-B29C-3A83B340357D}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{E66AA99D-6071-4A9D-8402-85F97696F3B5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F4B91C5-4524-02A6-1D9B-5AE52CE2E0F4}" = Bamboo Dock
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643B056F-61C1-4489-9797-4D846D101A7A}" = King Arthur's Gold
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{942A4061-BB89-432F-B5C2-3DCA70244033}" = Ace of Spades
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{FD271FAB-2F69-6983-A6A4-828F357940C4}" = Livebrush Mini
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Akamai" = Akamai NetSession Interface Service
"Bamboo Dock" = Bamboo Dock 3.3
"BFG-Amazing Adventures - The Forgotten Dynasty" = Amazing Adventures: The Forgotten Dynasty
"BFG-Awakening - The Goblin Kingdom" = Awakening: The Goblin Kingdom
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Heritage - Guardians of Hope" = Dark Heritage: Guardians of Hope
"BFG-Dream Chronicles" = Dream Chronicles
"BFG-Dream Chronicles - The Book of Air" = Dream Chronicles: The Book of Air
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"BFG-Haunted Hotel - Charles Dexter Ward" = Haunted Hotel: Charles Dexter Ward
"BFG-House of 1000 Doors - Family Secrets Collector's Edition" = House of 1000 Doors: Family Secrets Collector's Edition
"BFG-House of 1000 Doors - The Palm of Zoroaster Collector's Edition" = House of 1000 Doors: The Palm of Zoroaster Collector's Edition
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"BFG-Nightmare Adventures - The Witch's Prison" = Nightmare Adventures: The Witch's Prison
"BFG-Phenomenon - City of Cyan" = Phenomenon: City of Cyan
"BFG-Plants vs Zombies" = Plants vs. Zombies
"BFG-Serpent of Isis - Your Journey Continues" = The Serpent of Isis: Your Journey Continues
"BFG-The Agency of Anomalies - Cinderstone Orphanage Collector's Edition" = The Agency of Anomalies: Cinderstone Orphanage Collector's Edition
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.gugga.radiomini" = MoodTuner
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini
"Dodo Mobile Broadband ALCATEL_is1" = Dodo Mobile Broadband
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"King Arthur's Gold (Alpha)_is1" = KAG 0.95A
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pen Tablet Driver" = Bamboo
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"Shop for HP Supplies" = Shop for HP Supplies
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-0ee91fef-3490-41d9-9cc9-2679a684367c" = Plants vs. Zombies - Game of the Year
"WTA-16f2ddfd-839e-4df1-9f32-eebe32561a2a" = FATE: The Cursed King
"WTA-532e50e5-cd4e-4c34-90e4-d1659622e5c2" = Astro Avenger
"WTA-a866b92f-7ffa-40a8-aa9d-b81e2e457e08" = FATE - Undiscovered Realms
"WTA-e4742017-4b17-4103-9a81-a35566d63abe" = Bus Driver
"Yahoo! Companion" = Yahoo!7 Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for everbody
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = CopyTrans Suite Remove Only
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/09/2012 10:22:25 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/09/2012 10:22:25 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 36582

Error - 25/09/2012 10:22:25 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 36582

Error - 25/09/2012 10:22:26 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/09/2012 10:22:26 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37596

Error - 25/09/2012 10:22:26 PM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37596

Error - 26/09/2012 2:33:33 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/09/2012 2:33:33 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15104282

Error - 26/09/2012 2:33:33 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15104282

Error - 26/09/2012 2:33:35 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/09/2012 2:33:35 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15105686

Error - 26/09/2012 2:33:35 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15105686

Error - 26/09/2012 2:33:36 AM | Computer Name = everbody-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 14/11/2012 6:10:41 AM | Computer Name = everbody-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14/11/2012 6:11:48 AM | Computer Name = everbody-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/11/2012 6:59:29 AM | Computer Name = everbody-PC | Source = DCOM | ID = 10010
Description =

Error - 14/11/2012 4:40:22 PM | Computer Name = everbody-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/11/2012 4:42:30 PM | Computer Name = everbody-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/11/2012 6:36:37 PM | Computer Name = everbody-PC | Source = DCOM | ID = 10010
Description =

Error - 14/11/2012 8:15:59 PM | Computer Name = everbody-PC | Source = DCOM | ID = 10010
Description =

Error - 15/11/2012 6:06:34 AM | Computer Name = everbody-PC | Source = DCOM | ID = 10010
Description =

Error - 15/11/2012 6:17:13 PM | Computer Name = everbody-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 0021630370C4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 15/11/2012 6:22:14 PM | Computer Name = everbody-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller & SAVE it to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3 heydiddles (Topic Starter, Member, 13 posts)

Hi Gringo, and thank you. The contents of Security Check are as follows:
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 heydiddles (Topic Starter, Member, 13 posts)

This is the contents of the AdwCleaner log:

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 15:29:43
# Updated 17/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : everbody - EVERBODY-PC
# Boot Mode : Normal
# Running from : C:\Users\everbody\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Windows\system32\f3PSSavr.scr
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\everbody\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\everbody\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\everbody\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\everbody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\extensions\[email protected]
Folder Deleted : C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\extensions\[email protected]
Folder Deleted : C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\S-1-5-21-469054069-3193466649-2947917218-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default
File : C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\prefs.js

C:\Users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\user.js ... Deleted !

Deleted : user_pref("CT3227983.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3227983.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3227983.CT3227983ads1", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzY2ODElMjIlMk[...]
Deleted : user_pref("CT3227983.CT3227983current_term", "YWR2ZW50dXJlY3JhZnQ=");
Deleted : user_pref("CT3227983.CT3227983sdate", "OA==");
Deleted : user_pref("CT3227983.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227983.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3227983.FirstTime", "true");
Deleted : user_pref("CT3227983.FirstTimeFF3", "true");
Deleted : user_pref("CT3227983.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3227983.UserID", "UN73372906003292173");
Deleted : user_pref("CT3227983.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3227983.autoDisableScopes", 0);
Deleted : user_pref("CT3227983.bDay_InstallDate", "OC04");
Deleted : user_pref("CT3227983.bDay_InstallFromToolbar", "eWVz");
Deleted : user_pref("CT3227983.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3227983.defaultSearch", "true");
Deleted : user_pref("CT3227983.embeddedsData", "[{\"appId\":\"129837883863670482\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3227983.enableAlerts", "always");
Deleted : user_pref("CT3227983.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3227983.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3227983.fixPageNotFoundError", "true");
Deleted : user_pref("CT3227983.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3227983.fixUrls", true);
Deleted : user_pref("CT3227983.installId", "installbrain");
Deleted : user_pref("CT3227983.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3227983.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3227983.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227983.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3227983.isNewTabEnabled", true);
Deleted : user_pref("CT3227983.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3227983.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3227983.keyword", true);
Deleted : user_pref("CT3227983.migrateAppsAndComponents", true);
Deleted : user_pref("CT3227983.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Deleted : user_pref("CT3227983.openThankYouPage", "false");
Deleted : user_pref("CT3227983.openUninstallPage", "true");
Deleted : user_pref("CT3227983.search.searchAppId", "129837883863670482");
Deleted : user_pref("CT3227983.search.searchCount", "0");
Deleted : user_pref("CT3227983.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3227983.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227983.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3227983.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3227983.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3227983.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347090050485");
Deleted : user_pref("CT3227983.serviceLayer_services_appsMetadata_lastUpdate", "1347090050494");
Deleted : user_pref("CT3227983.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347090062333");
Deleted : user_pref("CT3227983.serviceLayer_services_login_10.13.1.89_lastUpdate", "1347091180257");
Deleted : user_pref("CT3227983.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347090062530");
Deleted : user_pref("CT3227983.serviceLayer_services_searchAPI_lastUpdate", "1347090047862");
Deleted : user_pref("CT3227983.serviceLayer_services_serviceMap_lastUpdate", "1347090044053");
Deleted : user_pref("CT3227983.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347090061868");
Deleted : user_pref("CT3227983.serviceLayer_services_toolbarSettings_lastUpdate", "1347090045195");
Deleted : user_pref("CT3227983.serviceLayer_services_translation_lastUpdate", "1347090050520");
Deleted : user_pref("CT3227983.settingsINI", true);
Deleted : user_pref("CT3227983.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3227983.smartbar.CTID", "CT3227983");
Deleted : user_pref("CT3227983.smartbar.Uninstall", "0");
Deleted : user_pref("CT3227983.smartbar.homepage", true);
Deleted : user_pref("CT3227983.smartbar.isHidden", true);
Deleted : user_pref("CT3227983.smartbar.toolbarName", "appbario9 ");
Deleted : user_pref("CT3227983.startPage", "userChanged");
Deleted : user_pref("CT3227983.toolbarBornServerTime", "8-9-2012");
Deleted : user_pref("CT3227983.toolbarCurrentServerTime", "8-9-2012");
Deleted : user_pref("CT3227983.toolbarDisabled", "true");
Deleted : user_pref("CT3227983_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3227983");
Deleted : user_pref("browser.search.defaultenginename", "appbario9 Customized Web Search");
Deleted : user_pref("browser.search.order.1", "appbario9 Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227983&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\everbody\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12542 octets] - [18/11/2012 15:29:43]

########## EOF - C:\AdwCleaner[S1].txt - [12603 octets] ##########

#5 heydiddles (Topic Starter, Member, 13 posts)

RogueKiller report:

RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : everbody [Admin rights]
Mode : Remove -- Date : 11/18/2012 15:51:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.iprimus.com.au:8080) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542512K9SA00 ATA Device +++++
--- User ---
[MBR] 1d6ea08a4d6e34af9d109c1c43355278
[BSP] 503dda7361c0285c8e610f31b957ce69 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 107624 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 223488000 | Size: 5340 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d1551.txt >>
RKreport[1]_S_11182012_02d1551.txt ; RKreport[2]_D_11182012_02d1551.txt

#6 heydiddles (Topic Starter, Member, 13 posts)

I will try out the computer and see how it goes, will let you know if the problem persists or is fixed, thanks Gringo... Heydiddles :)

#7 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#9 heydiddles (Topic Starter, Member, 13 posts)

Hi Gringo,

I'm sorry for not replying sooner; I've been away from the computer for a few days. Thank you for your ongoing help with this. I am running your latest instructions this morning after this post. Currently the computer is still glitchy: it showed improvement, but it is still slow to respond, loses the mouse and freezes, and can still have double screen sometimes. Heydiddles

#10 heydiddles (Topic Starter, Member, 13 posts)

Here is the ComboFix report:

ComboFix 12-11-23.02 - everbody 24/11/2012 13:12:42.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.1013.271 [GMT 11:00]
Running from: c:\users\everbody\Downloads\ComboFix.exe
Command switches used :: log
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\CouponDropDown
c:\program files\CouponDropDown\CouponDropDownInstaller.log
c:\program files\Registry Helper
c:\program files\Registry Helper\header.gif
c:\program files\Registry Helper\help.chm
c:\program files\Registry Helper\letter1.htm
c:\program files\Registry Helper\letter2.htm
c:\program files\Registry Helper\letter3.htm
c:\program files\Registry Helper\letter4.htm
c:\program files\Registry Helper\letter5.htm
c:\program files\Registry Helper\Registry Helper Screen Saver Setup.exe
c:\program files\Registry Helper\RegistryHelperService.exe
c:\program files\Registry Helper\RegistryHelperSetupCB.exe
c:\program files\Registry Helper\RegistryHelperSetupTR.exe
c:\program files\Registry Helper\uninst.exe
c:\users\everbody\AppData\Local\CouponDropDown
c:\users\everbody\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx
c:\users\everbody\AppData\Roaming\Microsoft\Windows\Recent\Play Ace of Spades.url
c:\users\everbody\AppData\Roaming\Uninstal.exe
c:\users\Public\sdelevURL.tmp
c:\windows\$NtUninstallKB64723$
c:\windows\$NtUninstallKB64723$\3010180046
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Registry Helper Service
-------\Service_Registry Helper Service
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 02:30 . 2012-11-24 02:34 -------- d-----w- c:\users\everbody\AppData\Local\temp
2012-11-24 02:30 . 2012-11-24 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 01:08 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31A21AB5-6F86-4A85-8813-ED5975662A6D}\mpengine.dll
2012-11-23 00:12 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-20 08:57 . 2012-11-20 08:57 -------- d-----w- c:\program files\Bethesda Softworks
2012-11-20 08:53 . 2005-04-03 11:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-11-20 08:53 . 2005-04-03 12:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-11-20 08:53 . 2005-04-03 12:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-11-20 08:53 . 2005-04-03 12:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-11-20 08:53 . 2005-04-03 11:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-11-20 08:53 . 2005-04-03 12:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-11-20 08:53 . 2012-11-20 08:53 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-11-20 08:52 . 2012-11-20 08:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-11-20 08:52 . 2012-11-20 09:18 -------- d-----w- c:\users\everbody\AppData\Local\Oblivion
2012-11-15 06:29 . 2012-11-15 06:29 -------- d-----w- c:\users\everbody\AppData\Roaming\Toribash
2012-11-13 22:33 . 2012-11-13 22:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-01 06:12 . 2012-11-02 03:05 -------- d-----w- c:\program files\Cheat Engine 6.2
2012-10-28 08:47 . 2012-10-28 08:54 19424 ----a-w- c:\program files\Mozilla Firefox\updated\xpcom.dll
2012-10-28 08:47 . 2012-10-28 08:54 14676448 ----a-w- c:\program files\Mozilla Firefox\updated\xul.dll
2012-10-28 08:47 . 2012-10-28 08:54 96224 ----a-w- c:\program files\Mozilla Firefox\updated\webapprt-stub.exe
2012-10-28 08:47 . 2012-10-28 08:55 157272 ----a-w- c:\program files\Mozilla Firefox\updated\webapp-uninstaller.exe
2012-10-28 08:47 . 2012-10-28 08:56 270816 ----a-w- c:\program files\Mozilla Firefox\updated\updater.exe
2012-10-28 08:46 . 2012-10-28 08:57 889848 ----a-w- c:\program files\Mozilla Firefox\updated\uninstall\helper.exe
2012-10-28 08:46 . 2012-10-28 08:57 155104 ----a-w- c:\program files\Mozilla Firefox\updated\softokn3.dll
2012-10-28 08:46 . 2012-10-28 08:57 145376 ----a-w- c:\program files\Mozilla Firefox\updated\ssl3.dll
2012-10-28 08:46 . 2012-10-28 08:57 91104 ----a-w- c:\program files\Mozilla Firefox\updated\smime3.dll
2012-10-28 08:46 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\updated\plugins\nppdf32.dll
2012-10-28 08:46 . 2012-10-28 08:58 20960 ----a-w- c:\program files\Mozilla Firefox\updated\plds4.dll
2012-10-28 08:46 . 2012-10-28 08:58 16864 ----a-w- c:\program files\Mozilla Firefox\updated\plugin-container.exe
2012-10-28 08:46 . 2012-10-28 08:58 21472 ----a-w- c:\program files\Mozilla Firefox\updated\plc4.dll
2012-10-28 08:44 . 2012-06-20 03:52 1998168 ----a-w- c:\program files\Mozilla Firefox\updated\d3dx9_43.dll
2012-10-28 08:44 . 2012-06-20 03:52 2106216 ----a-w- c:\program files\Mozilla Firefox\updated\D3DCompiler_43.dll
2012-10-28 08:44 . 2012-10-19 20:57 116192 ----a-w- c:\program files\Mozilla Firefox\updated\crashreporter.exe
2012-10-28 08:44 . 2012-10-19 20:57 261600 ----a-w- c:\program files\Mozilla Firefox\updated\components\browsercomps.dll
2012-10-28 08:44 . 2012-10-19 20:57 73696 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-28 08:44 . 2012-10-19 20:57 18912 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:06 . 2012-04-02 22:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 21:06 . 2011-07-14 05:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 14:29 . 2012-11-14 01:41 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-08 07:48 . 2012-11-14 03:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:43 . 2012-11-14 03:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-02 23:04 . 2012-10-20 09:12 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5B0B412-BAC3-4D3F-9E48-D3FC49502FD1}\gapaengine.dll
2012-10-02 23:04 . 2011-09-08 10:32 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-25 16:19 . 2012-11-14 01:41 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-13 13:28 . 2012-10-10 20:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-30 12:03 . 2012-08-30 12:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 12:03 . 2011-04-27 05:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 11:27 . 2012-10-10 20:06 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 20:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-30 07:32 . 2012-10-19 20:55 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-14 39408]
"Akamai NetSession Interface"="c:\users\everbody\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-11-21 646232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"ModemListener"="c:\program files\Dodo Mobile Broadband\ModemListener.exe" [2011-04-27 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Registry Helper"="c:\program files\Registry Helper\RegistryHelper.Exe" /boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:06]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 05:18]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uInternet Settings,ProxyOverride = *.iPrimus.com.au;speedtouch;dsldevice;speedtouch.lan;dsldevice.lan;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - proxy.iprimus.com.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.iprimus.com.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.iprimus.com.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.iprimus.com.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-18 17:06; [email protected]; c:\users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-09-08 21:18; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Startw3i - c:\program files\PC Speed Maximizer\Startw3i.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\everbody\AppData\Roaming\Uninstal.exe
AddRemove-UnityWebPlayer - c:\users\everbody\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 13:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-469054069-3193466649-2947917218-1000\Software\SecuROM\License information*]
"datasecu"=hex:86,61,a5,2b,fb,ad,75,c3,89,13,fa,7a,a3,45,bc,9f,13,88,46,5b,07,
fe,60,08,e4,4d,8a,a7,f9,08,5e,b5,19,5a,a1,7b,73,71,18,97,16,91,06,22,39,d3,\
"rkeysecu"=hex:17,cd,3c,2e,c8,1b,71,73,91,37,f0,b9,b4,32,17,38
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3792)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-11-24 13:43:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 02:43
.
Pre-Run: 3,849,506,816 bytes free
Post-Run: 3,485,851,648 bytes free
.
- - End Of File - - 0ADB30D8AE55AD595C971EFEC24BB3D6
  • 0

#11
heydiddles

heydiddles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Have tried out the computer and so far it seems to be working very well. No second screen, much improved speed, so far no screen freezing or mouse disappearing.

Edited by heydiddles, 23 November 2012 - 10:58 PM.

  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo
  • 0

#14
heydiddles

heydiddles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Gringo,
Here is the ComboFix report.

Computer does seem to be running better. I don't think I have had any problems, except one thing that I wasn't sure about, which has to do with Microsoft Security Essentials. Before running ComboFix I opened Spybot as admin, went to Tools, unticked Resident "TeaTimer" under Resident, unticked Spybot S&D, Windows Defender, and SpybotSD TeaTimer under System Startup, then restarted the computer. Then I ran ComboFix as instructed, copying and pasting from the above post into notebook etc. I hope this disabled the malware protection, firewalls etc., but I'm not 100% sure. I have had issues trying to access Windows Defender in order to switch off malware protection the usual way. When I attempt to open and turn on Windows Defender I am told "Windows Defender encountered an error: 0x800106ba".

ComboFix 12-11-29.02 - everbody 30/11/2012 13:02:14.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.1013.321 [GMT 11:00]
Running from: c:\users\everbody\Downloads\ComboFix.exe
Command switches used :: c:\users\everbody\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 02:16 . 2012-11-30 02:16 -------- d-----w- c:\users\everbody\AppData\Local\temp
2012-11-30 02:16 . 2012-11-30 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 22:45 . 2012-11-29 22:39 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46EE0B0C-AAE3-4576-9BCB-F821183F6E64}\gapaengine.dll
2012-11-29 22:40 . 2012-11-18 14:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{333C50C4-F446-4A02-B1C8-775E77B088AE}\mpengine.dll
2012-11-28 03:04 . 2012-11-18 14:04 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-25 11:36 . 2012-08-07 05:18 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-20 08:57 . 2012-11-20 08:57 -------- d-----w- c:\program files\Bethesda Softworks
2012-11-20 08:53 . 2005-04-03 11:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-11-20 08:53 . 2005-04-03 12:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-11-20 08:53 . 2005-04-03 12:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-11-20 08:53 . 2005-04-03 12:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-11-20 08:53 . 2005-04-03 11:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-11-20 08:53 . 2005-04-03 12:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-11-20 08:53 . 2012-11-20 08:53 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-11-20 08:52 . 2012-11-20 08:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-11-20 08:52 . 2012-11-20 09:18 -------- d-----w- c:\users\everbody\AppData\Local\Oblivion
2012-11-15 06:29 . 2012-11-15 06:29 -------- d-----w- c:\users\everbody\AppData\Roaming\Toribash
2012-11-14 01:41 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 01:41 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 22:33 . 2012-11-13 22:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-01 06:12 . 2012-11-02 03:05 -------- d-----w- c:\program files\Cheat Engine 6.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:06 . 2012-04-02 22:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 21:06 . 2011-07-14 05:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 13:28 . 2012-10-10 20:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-30 07:32 . 2012-10-19 20:55 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-14 39408]
"Akamai NetSession Interface"="c:\users\everbody\AppData\Local\Akamai\netsession_win.exe" [2012-10-08 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-11-21 646232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"ModemListener"="c:\program files\Dodo Mobile Broadband\ModemListener.exe" [2011-04-27 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Registry Helper"="c:\program files\Registry Helper\RegistryHelper.Exe" /boot
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:06]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 05:18]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uInternet Settings,ProxyOverride = *.iPrimus.com.au;speedtouch;dsldevice;speedtouch.lan;dsldevice.lan;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - proxy.iprimus.com.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.iprimus.com.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.iprimus.com.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.iprimus.com.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-18 17:06; [email protected]; c:\users\everbody\AppData\Roaming\Mozilla\Firefox\Profiles\tcs8yax4.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-09-08 21:18; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-469054069-3193466649-2947917218-1000\Software\SecuROM\License information*]
"datasecu"=hex:86,61,a5,2b,fb,ad,75,c3,89,13,fa,7a,a3,45,bc,9f,13,88,46,5b,07,
fe,60,08,e4,4d,8a,a7,f9,08,5e,b5,19,5a,a1,7b,73,71,18,97,16,91,06,22,39,d3,\
"rkeysecu"=hex:17,cd,3c,2e,c8,1b,71,73,91,37,f0,b9,b4,32,17,38
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(668)
c:\windows\system32\ieframe.dll
.
Completion time: 2012-11-30 13:20:51
ComboFix-quarantined-files.txt 2012-11-30 02:20
ComboFix2.txt 2012-11-25 10:33
ComboFix3.txt 2012-11-24 02:43
.
Pre-Run: 3,424,333,824 bytes free
Post-Run: 3,382,333,440 bytes free
.
- - End Of File - - B8508C679CDDE39C47B0FFA2E1681974
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo
  • 0
