Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Runnign computer - possible virus [Solved]


  • This topic is locked This topic is locked

#16
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Nothing is wrong, just busy this week. Also, yesterday my husband tried to use a program from his work and needed Adobe which the computer said we didn't have although I did download it after your last set of instructions. He tried to install it and whenever a program asked permission to download he said yes. These programs had nothing to do with Adobe but he didn't realize that and downloaded them. Now we are getting pop ups. WHen I got on the computer this morning I saw another request for a program "Super Savers" for permission to download. Last night I had uninstalled the programs that were asking, but this one is still there somehow. I didn't see any pop ups althought they were there last night. Do we need to re-run a scan to fis this problem?

Also, I didn't see your most recent post (before this one). Could you resend that one when you answer this one? I promise to get to all of it this weekend. Will that work for you?

Best Regards,
Susanne
  • 0

Advertisements


#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Susanne


Lets run these again and they will let me know if I need to run anything else for the popups


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#18
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
# AdwCleaner v2.114 - Logfile created 03/09/2013 at 20:08:06
# Updated 05/03/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H9Q8GFG\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\SearchProtect
Deleted on reboot : C:\Program Files (x86)\WhiteSmoke_New
Deleted on reboot : C:\ProgramData\APN
Deleted on reboot : C:\Users\joe\AppData\Local\Conduit
Deleted on reboot : C:\Users\joe\AppData\Local\SwvUpdater
Deleted on reboot : C:\Users\joe\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\joe\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\joe\AppData\LocalLow\WhiteSmoke_New
Deleted on reboot : C:\Users\joe\AppData\Roaming\SearchProtect
File Deleted : C:\END
File Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4AA0453-B876-4AB7-B4A2-875C0A2A3AB7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F330D407-1DA5-4A3E-AA49-A71B94A332CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN12844963803102521&ctid=CT3289847 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\prefs.js

Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN29911994[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN2991199472166[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.machineId", "2RPP2OZ607BCE/MKVVJ9TSR0J9KPANJ1HANWNPK4FHNJV/RN1BCT94PYVEYO1AD3/OA[...]

-\\ Google Chrome v25.0.1364.152

File : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"apps_promo_counter":11,"autofill":{"negative_upload_rate":1.0,"positive_upload_rate":1.0},"browser[...]

*************************

AdwCleaner[R1].txt - [53545 octets] - [09/03/2013 19:05:55]
AdwCleaner[R2].txt - [53500 octets] - [09/03/2013 20:07:29]
AdwCleaner[S1].txt - [12171 octets] - [08/11/2012 23:26:12]
AdwCleaner[S2].txt - [1040 octets] - [11/11/2012 12:32:28]
AdwCleaner[S3].txt - [5129 octets] - [25/02/2013 10:22:11]
AdwCleaner[S4].txt - [8748 octets] - [09/03/2013 20:08:06]

########## EOF - C:\AdwCleaner[S4].txt - [8808 octets] ##########


RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : joe [Admin rights]
Mode : Remove -- Date : 03/09/2013 20:03:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] cltmng.exe -- C:\Users\joe\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") [7] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\joe\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> DELETED
[TASK][SUSP PATH] AmiUpdXp.job : C:\Users\joe\AppData\Local\SwvUpdater\Updater.exe [7] -> DELETED
[TASK][SUSP PATH] AmiUpdXp : C:\Users\joe\AppData\Local\SwvUpdater\Updater.exe [7] -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\joe\AppData\Local\Temp\IHUABC2.tmp.exe [x] -> DELETED
[TASK][SUSP PATH] Updater19962.exe : C:\Users\joe\AppData\Local\Updater19962\Updater19962.exe /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [7] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVS-26VAT0 +++++
--- User ---
[MBR] bf0740af8821c2f163f6389b06cd25d3
[BSP] f0014726b6f361d79849d55ebcf4a3bf : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295622 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608507904 | Size: 8122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_03092013_02d2003.txt >>
RKreport[1]_S_02252013_02d1129.txt ; RKreport[2]_D_02252013_02d1138.txt ; RKreport[3]_S_03092013_02d2001.txt ; RKreport[4]_D_03092013_02d2003.txt


Hi Gringo,

Here are the reports for the adware and rougue scans. I haven't done the last step because I thought you might want to see these first. Let me know wah's next.

Regards, Susanne
  • 0

#19
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Susanne

There was enough in there that I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer
[/list]
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#20
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ComboFix 13-03-10.02 - joe 03/10/2013 15:31:32.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1678 [GMT -4:00]
Running from: c:\users\joe\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))
.
.
2013-03-10 19:55 . 2013-03-10 19:55 -------- d-----w- c:\users\Susanne S. Lustig\AppData\Local\temp
2013-03-10 19:55 . 2013-03-10 19:55 -------- d-----w- c:\users\joe\AppData\Local\temp
2013-03-10 19:55 . 2013-03-10 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-06 23:38 . 2013-03-06 23:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-06 22:57 . 2013-03-06 22:58 -------- d-----w- c:\program files (x86)\WhiteSmoke_New
2013-03-06 22:57 . 2013-03-06 22:57 -------- d-----w- c:\program files (x86)\SearchProtect
2013-03-06 22:56 . 2013-03-06 22:56 -------- d-----w- c:\users\joe\AppData\Local\Supreme Savings
2013-03-06 22:56 . 2013-03-06 22:56 -------- d-----w- c:\users\joe\AppData\Local\Updater19962
2013-03-06 22:55 . 2013-03-06 22:56 -------- d-----w- c:\program files (x86)\Supreme Savings
2013-03-03 22:32 . 2013-03-03 22:32 -------- d-----w- c:\program files (x86)\7-zip
2013-03-03 22:31 . 2013-03-03 22:31 -------- d-----w- c:\programdata\Yahoo! Companion
2013-03-03 22:13 . 2013-03-03 22:13 -------- d-----w- c:\users\joe\AppData\Roaming\Malwarebytes
2013-03-03 22:12 . 2013-03-03 22:12 -------- d-----w- c:\programdata\Malwarebytes
2013-03-03 22:12 . 2013-03-03 22:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 22:12 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 21:24 . 2013-03-03 21:24 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-02-26 01:55 . 2013-02-26 01:55 -------- d-----w- c:\programdata\APN
2013-02-26 00:23 . 2013-02-26 00:23 -------- d-----w- c:\users\joe\AppData\Roaming\Motive
2013-02-26 00:22 . 2013-02-26 00:23 -------- d-----w- c:\program files\Comcast
2013-02-26 00:21 . 2013-02-26 00:22 -------- d-----w- c:\program files (x86)\Comcast
2013-02-26 00:19 . 2013-02-26 00:21 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-02-26 00:19 . 2013-02-26 00:22 -------- d-----w- c:\program files\Common Files\Motive
2013-02-26 00:18 . 2013-02-26 00:28 -------- d-----w- c:\programdata\Motive
2013-02-25 17:04 . 2013-02-26 22:20 -------- d-----w- c:\windows\system32\drivers\N360x64\1402000.013
2013-02-25 15:22 . 2013-03-10 01:08 1199 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-24 19:16 . 2013-02-24 19:16 -------- d-----w- c:\program files\iPod
2013-02-24 19:16 . 2013-02-24 19:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 19:16 . 2013-02-24 19:17 -------- d-----w- c:\program files (x86)\iTunes
2013-02-23 23:26 . 2013-03-06 01:37 -------- d-----w- c:\users\joe\AppData\Local\SugarSync
2013-02-23 23:26 . 2013-01-30 18:12 192256 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-02-23 23:25 . 2013-01-30 18:12 143104 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-02-23 23:25 . 2013-01-30 18:12 159488 ----a-w- c:\windows\SysWow64\SSCbFsMntNtf3.dll
2013-02-23 23:25 . 2013-01-30 18:12 225024 ----a-w- c:\windows\SysWow64\SSCbFsNetRdr3.dll
2013-02-23 23:24 . 2013-01-30 18:11 347904 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-02-23 23:23 . 2013-02-23 23:26 -------- d-----w- c:\program files (x86)\SugarSync
2013-02-22 00:04 . 2013-02-22 00:04 -------- d-----w- c:\program files\Symantec
2013-02-15 08:25 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-15 08:25 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-14 12:41 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 12:41 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 12:41 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 12:41 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-02-14 12:41 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 01:11 . 2011-11-08 02:40 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-03 23:15 . 2012-11-12 17:35 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-03 23:15 . 2012-11-12 17:35 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 00:04 . 2011-07-01 04:14 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-02-15 08:14 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe
2013-02-06 12:59 . 2012-10-02 15:06 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-12-16 13:31 . 2012-12-24 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-24 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-24 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-24 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 18:50 . 2012-12-13 18:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 18:50 . 2012-12-13 18:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-04 1104424]
"Spotify"="c:\users\joe\AppData\Roaming\Spotify\Spotify.exe" [2013-02-04 4480040]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSync.exe" [2013-02-13 12343648]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"lxdumon.exe"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"lxduamon"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
"Lexmark 5600-6600 Series"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe" [2010-02-04 311976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-03-06 295072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 11:35 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 23:15]
.
2013-03-10 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2011-09-07 16:33]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 21:26]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 21:26]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000Core.job
- c:\users\joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000UA.job
- c:\users\joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
2013-03-10 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-03-06 00:44]
.
2013-03-10 c:\windows\Tasks\spmonitor.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-03-06 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-12-10 2792448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bna.com\vpa
Trusted Zone: orioles.com
Trusted Zone: smarthrmanager.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} - hxxps://znycsslvpn1.edelman.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/,DanaInfo=zchihd+VSFlex8.CAB
DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} - hxxps://znycsslvpn1.edelman.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/,DanaInfo=zchihd+AeXClipboard.CAB
FF - ProfilePath - c:\users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\
FF - ExtSQL: 2013-02-25 19:21; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-03-06 17:43; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-09-04 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-03-10 16:01:49
ComboFix-quarantined-files.txt 2013-03-10 20:01
ComboFix2.txt 2013-02-27 16:23
ComboFix3.txt 2013-02-26 02:46
.
Pre-Run: 172,503,101,440 bytes free
Post-Run: 172,486,414,336 bytes free
.
- - End Of File - - 3CC0683E388E9C9757618F8ED45761C6

Hi Gringo,
The scan went smoothly. The computer seems to be better. I haven't seen any pop ups today. There are two new icons on my desktop that I didn't download and neither did my husband, at least knowingly. They are the weather channel and SpeedUpMyPC. Can I just delete them, or do I have to do anything else to get rid of them.

Thanks,
Susanne
  • 0

#21
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Susanne

Just delete those off the desktop - these tools don't tell me what is on the desktop

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\WhiteSmoke_New
c:\program files (x86)\SearchProtect
c:\users\joe\AppData\Local\Supreme Savings
c:\users\joe\AppData\Local\Updater19962
c:\program files (x86)\Supreme Savings
c:\program files (x86)\Uniblue

File::
c:\windows\Tasks\spmonitor.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#22
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#23
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ComboFix 13-03-13.02 - joe 03/13/2013 19:04:05.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1591 [GMT -4:00]
Running from: c:\users\joe\Desktop\ComboFix.exe
Command switches used :: c:\users\joe\Desktop\CFScript.txt
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\spmonitor.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\bin\ChromeModule.dll
c:\program files (x86)\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\bin\FirefoxModule.dll
c:\program files (x86)\SearchProtect\bin\InternetExplorerModule.dll
c:\program files (x86)\SearchProtect\bin\msvcp100.dll
c:\program files (x86)\SearchProtect\bin\msvcr100.dll
c:\program files (x86)\SearchProtect\bin\SPHook32.dll
c:\program files (x86)\SearchProtect\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Dialogs\dialogsApi.js
c:\program files (x86)\SearchProtect\Dialogs\lib\jquery.min.js
c:\program files (x86)\SearchProtect\Dialogs\lib\json2.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.css
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\information.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\warning.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\program files (x86)\SearchProtect\Dialogs\spsd\settings.js
c:\program files (x86)\SearchProtect\ffprotect\abstraction.js
c:\program files (x86)\SearchProtect\ffprotect\application.js
c:\program files (x86)\Supreme Savings
c:\program files (x86)\Supreme Savings\background.html
c:\program files (x86)\Supreme Savings\ButtonUtil.dll
c:\program files (x86)\Supreme Savings\Installer.log
c:\program files (x86)\Supreme Savings\Supreme Savings-bg.exe
c:\program files (x86)\Supreme Savings\Supreme Savings.dll
c:\program files (x86)\Supreme Savings\Supreme Savings.exe
c:\program files (x86)\Supreme Savings\Supreme Savings.ico
c:\program files (x86)\Supreme Savings\Supreme Savings.ini
c:\program files (x86)\Supreme Savings\Uninstall.exe
c:\program files (x86)\Uniblue
c:\program files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\intermediate_views.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\latest_scan_results.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\Launcher.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\library.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\br.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\de.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\dk.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\en.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\es.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\fi.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\fr.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\it.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\jp.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\nl.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\no.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\ru.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\se.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcp90.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcr90.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\repair_transform.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\spnotifier.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins001.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins001.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins001.msg
c:\program files (x86)\Uniblue\SpeedUpMyPC\views.dat
c:\program files (x86)\WhiteSmoke_New
c:\program files (x86)\WhiteSmoke_New\GottenAppsContextMenu.xml
c:\program files (x86)\WhiteSmoke_New\ldrtbWhit.dll
c:\program files (x86)\WhiteSmoke_New\OtherAppsContextMenu.xml
c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll
c:\program files (x86)\WhiteSmoke_New\SharedAppsContextMenu.xml
c:\program files (x86)\WhiteSmoke_New\tbWhit.dll
c:\program files (x86)\WhiteSmoke_New\toolbar.cfg
c:\program files (x86)\WhiteSmoke_New\ToolbarContextMenu.xml
c:\program files (x86)\WhiteSmoke_New\uninstall.exe
c:\program files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe
c:\users\joe\AppData\Local\Supreme Savings
c:\users\joe\AppData\Local\Supreme Savings\Chrome\Installer.log
c:\users\joe\AppData\Local\Updater19962
c:\users\joe\AppData\Local\Updater19962\Updater19962.exe
c:\windows\Tasks\spmonitor.job
.
.
((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
.
.
2013-03-13 23:29 . 2013-03-13 23:29 -------- d-----w- c:\users\Susanne S. Lustig\AppData\Local\temp
2013-03-13 23:29 . 2013-03-13 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 07:03 . 2013-02-02 06:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-13 07:03 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-13 07:03 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-13 07:03 . 2013-02-02 07:37 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-03-13 07:03 . 2013-02-02 06:44 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-03-13 07:03 . 2013-02-02 04:19 149552 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-03-13 07:03 . 2013-02-02 03:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-13 07:03 . 2013-02-02 06:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-13 07:03 . 2013-02-02 06:34 248320 ----a-w- c:\windows\system32\ieui.dll
2013-03-13 07:03 . 2013-02-02 03:27 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-03-13 01:48 . 2013-03-13 01:48 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-10 20:01 . 2013-03-13 23:59 -------- d-----w- c:\users\joe\AppData\Local\temp
2013-03-06 23:38 . 2013-03-06 23:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-06 22:45 . 2013-03-06 22:45 -------- d-----w- c:\users\joe\AppData\Roaming\Uniblue
2013-03-03 22:32 . 2013-03-03 22:32 -------- d-----w- c:\program files (x86)\7-zip
2013-03-03 22:31 . 2013-03-03 22:31 -------- d-----w- c:\programdata\Yahoo! Companion
2013-03-03 22:13 . 2013-03-03 22:13 -------- d-----w- c:\users\joe\AppData\Roaming\Malwarebytes
2013-03-03 22:12 . 2013-03-03 22:12 -------- d-----w- c:\programdata\Malwarebytes
2013-03-03 22:12 . 2013-03-03 22:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 22:12 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 21:24 . 2013-03-03 21:24 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-02-26 01:55 . 2013-02-26 01:55 -------- d-----w- c:\programdata\APN
2013-02-26 00:23 . 2013-02-26 00:23 -------- d-----w- c:\users\joe\AppData\Roaming\Motive
2013-02-26 00:22 . 2013-02-26 00:23 -------- d-----w- c:\program files\Comcast
2013-02-26 00:21 . 2013-02-26 00:22 -------- d-----w- c:\program files (x86)\Comcast
2013-02-26 00:19 . 2013-02-26 00:21 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-02-26 00:19 . 2013-02-26 00:22 -------- d-----w- c:\program files\Common Files\Motive
2013-02-26 00:18 . 2013-02-26 00:28 -------- d-----w- c:\programdata\Motive
2013-02-25 17:04 . 2013-02-26 22:20 -------- d-----w- c:\windows\system32\drivers\N360x64\1402000.013
2013-02-25 15:22 . 2013-03-10 01:08 1199 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-24 19:16 . 2013-02-24 19:16 -------- d-----w- c:\program files\iPod
2013-02-24 19:16 . 2013-02-24 19:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 19:16 . 2013-02-24 19:17 -------- d-----w- c:\program files (x86)\iTunes
2013-02-23 23:26 . 2013-03-06 01:37 -------- d-----w- c:\users\joe\AppData\Local\SugarSync
2013-02-23 23:26 . 2013-01-30 18:12 192256 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-02-23 23:25 . 2013-01-30 18:12 143104 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-02-23 23:25 . 2013-01-30 18:12 159488 ----a-w- c:\windows\SysWow64\SSCbFsMntNtf3.dll
2013-02-23 23:25 . 2013-01-30 18:12 225024 ----a-w- c:\windows\SysWow64\SSCbFsNetRdr3.dll
2013-02-23 23:24 . 2013-01-30 18:11 347904 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-02-23 23:23 . 2013-02-23 23:26 -------- d-----w- c:\program files (x86)\SugarSync
2013-02-22 00:04 . 2013-02-22 00:04 -------- d-----w- c:\program files\Symantec
2013-02-15 08:25 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-15 08:25 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-14 12:41 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 12:41 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 12:41 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 12:41 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-02-14 12:41 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 23:58 . 2011-11-08 02:40 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-13 07:08 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe
2013-03-13 01:48 . 2012-11-12 17:35 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 01:48 . 2012-11-12 17:35 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 00:04 . 2011-07-01 04:14 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-02-13 13:19 . 2012-10-02 15:06 236248 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-12-16 13:31 . 2012-12-24 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-24 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-24 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-24 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-04 1104424]
"Spotify"="c:\users\joe\AppData\Roaming\Spotify\Spotify.exe" [2013-02-04 4480040]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSync.exe" [2013-02-13 12343648]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"lxdumon.exe"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"lxduamon"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
"Lexmark 5600-6600 Series"="c:\program files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe" [2010-02-04 311976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-03-06 295072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 11:35 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 01:48]
.
2013-03-13 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2011-09-07 16:33]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 21:26]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 21:26]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000Core.job
- c:\users\joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000UA.job
- c:\users\joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-12-10 2792448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bna.com\vpa
Trusted Zone: orioles.com
Trusted Zone: smarthrmanager.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} - hxxps://znycsslvpn1.edelman.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/,DanaInfo=zchihd+VSFlex8.CAB
DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} - hxxps://znycsslvpn1.edelman.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/,DanaInfo=zchihd+AeXClipboard.CAB
FF - ProfilePath - c:\users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\
FF - ExtSQL: 2013-02-25 19:21; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-03-06 17:43; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-09-04 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-Supreme Savings - c:\program files (x86)\Supreme Savings\Uninstall.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files (x86)\Uniblue\SpeedUpMyPC\unins001.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
c:\program files (x86)\Common Files\Motive\pcCMService.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86) (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files (x86)\Skype\Phone\Skype.exe
c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-03-13 20:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-14 00:06
ComboFix2.txt 2013-03-10 20:01
ComboFix3.txt 2013-02-27 16:23
ComboFix4.txt 2013-02-26 02:46
.
Pre-Run: 168,231,124,992 bytes free
Post-Run: 168,529,084,416 bytes free
.
- - End Of File - - 825A0B24F608AB7FCE2EBEB5077D52D1

No problems with the script. The computer has been running pretty well. What next?

Regards,
Susanne
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Susanne

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
  • 0

#25
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-zip v9.20
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Links
Apple Application Support
Apple Software Update
Avery Wizard 3.1
Bejeweled Blitz
BetterLinks v1.7.5.24 (remove only)
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Citrix Presentation Server Client - Web Only
CyberLink PowerCinema for TOSHIBA
DriverUpdate
DVD MovieFactory for TOSHIBA
EasySolve
File Uploader
Free Download Manager 3.9.2
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPS Image Tracker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Juniper Networks Setup Client
Lexmark Printable Web
Lexmark Toolbar
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Move Media Player
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Norton PC Checkup
Norton Security Suite
Picture Package Music Transfer
QuickTime
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.94
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Safari
ScrewDrivers Client v4 (ica only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skins
Skype Toolbars
Skype™ 5.10
Sony Picture Utility
SpeedUpMyPC
Spotify
SugarSync
Supreme Savings
The Weather Channel Desktop 6
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.11
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Yahoo! Software Update
Yahoo! Toolbar

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:43:35 PM, on 3/19/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Comcast\pcBrowser.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\joe\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\joe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} (ComponentOne FlexGrid 8.0 (UNICODE Light)) - https://znycsslvpn1....ihd VSFlex8.CAB
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://znycsslvpn1....SetupClient.cab
O16 - DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} (Altiris Clipboard Helper) - https://znycsslvpn1....eXClipboard.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

Here are the logs you requested. I didn't have any problems, but I abandoned adobe reader altogether because it wanted to download the same version I had just uninstalled. I had no trouble downloading foxit.

The computer is running pretty well.

Thanks again,
Susanne

--
End of file - 13208 bytes

Edited by Susanne Sable Lustig, 19 March 2013 - 11:51 AM.

  • 0

Advertisements


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


Adobe Reader X (10.1.4)
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#27
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#28
Susanne Sable Lustig

Susanne Sable Lustig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.19.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
joe :: JOE-PC [administrator]

3/19/2013 1:27:35 PM
mbam-log-2013-03-19 (13-27-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243445
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:43:35 PM, on 3/19/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Comcast\pcBrowser.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\joe\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series] "C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\joe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} (ComponentOne FlexGrid 8.0 (UNICODE Light)) - https://znycsslvpn1....ihd VSFlex8.CAB
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://znycsslvpn1....SetupClient.cab
O16 - DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} (Altiris Clipboard Helper) - https://znycsslvpn1....eXClipboard.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13208 bytes

(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hi Gringo,

Here are the scans. It's good that we no longer have any malicious items! I had no trouble wiht the instructions, except that Adobe wanted me to download the same version that I had just uninstalled. I went with foxit instead and had no trouble with the download.

The computer is running pretty well.

Thanks again,
Susanne
  • 0

#29
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [Spotify] "C:\Users\joe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP