Help with arestocrat department of justice lock screen



#1
Kj201201

    New Member

  • 3 posts
Hi, I am new to the board. When I turn on my laptop I get a lock screen that says the Department of Justice has locked my computer and I need to pay to fix it, and it is run through a program called arestocrat. I can run any applications on the computer because of this or even open task manager. I am running a 64-bit Windows 7 laptop. Any help would be greatly appreciated, thanks!


#2
JSntgRvr

    Global Moderator

  • 10,958 posts
Hi and welcome.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
      Select Command Prompt

      Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#3
Kj201201

    New Member

  • Topic Starter
  • 3 posts
I followed those instructions and this is the report that was saved onto the flash drive:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2013 02
Ran by SYSTEM on 23-04-2013 16:51:04
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-10-16] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2010-02-03] ()
HKLM\...\Run: [lxdxamon] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [16040 2010-02-03] ()
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-11-27] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
HKLM-x32\...\Winlogon: [Shell] C:\ProgramData\f34rfcdsfwe.exe [x ] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe [76584 2010-03-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [lxdxmon.exe] "C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2010-02-03] ()
HKLM-x32\...\Run: [lxdxamon] "C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [16040 2010-02-03] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-19] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
HKLM-x32\...\Run: [SoundDrivers] "C:\ProgramData\f34rfcdsfwe.exe" [45336 2013-04-19] ()
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Kenny\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Kenny\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Kenny\...\Run: [Google Update] "C:\Users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-12] (Google Inc.)
HKU\Kenny\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [210208 2008-10-20] (Acresso Corporation)
HKU\Kenny\...\Run: [Facebook Update] "C:\Users\Kenny\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Kenny\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kenny\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-05] (Google Inc.)
HKU\Kenny\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Kenny\...\Run: [Spotify] "C:\Users\Kenny\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4547584 2013-04-17] (Spotify Ltd)
HKU\Kenny\...\Run: [Spotify Web Helper] "C:\Users\Kenny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-04-17] (Spotify Ltd)
HKU\Kenny\...\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images [390752 2010-08-11] ()
HKU\Kenny\...\CurrentVersion\Windows: [Load] C:\Users\Kenny\LOCALS~1\Temp\msagcz.cmd
Lsa: [Notification Packages] DPPassFilter
scecli
Startup: C:ProgramData\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:ProgramData\Start Menu\Programs\Startup\Gizmo.lnk
ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-08-11] (Adobe Systems)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)
S2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2010-08-11] (Arainia Solutions)
S3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)
S2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
S2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-19] ()

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies)
S1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-02-06] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-22 19:22 - 2013-04-22 19:23 - 00000183 ____A C:\Windows\System32\avgrep.txt
2013-04-19 04:21 - 2013-04-19 04:21 - 02250054 ____A C:ProgramData\1.bmp
2013-04-19 04:21 - 2013-04-19 04:21 - 00302806 ____A C:ProgramData\1.jpg
2013-04-19 04:11 - 2013-04-19 04:11 - 00045336 ____A C:ProgramData\f34rfcdsfwe.exe
2013-04-14 16:40 - 2013-04-14 17:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 19:34 - 2013-04-11 19:34 - 00000075 ____A C:\Users\Kenny\Downloads\;collapse=true
2013-04-10 23:18 - 2013-04-10 23:18 - 00384800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2013-04-09 20:10 - 2013-04-09 20:12 - 90130256 ____A (Apple Inc.) C:\Users\Kenny\Downloads\iTunes64Setup.exe
2013-04-09 20:07 - 2013-04-09 20:07 - 00001084 ____A C:\Windows\WindowsUpdate.log
2013-04-06 05:37 - 2013-04-16 13:26 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForKenny.job
2013-04-04 01:47 - 2013-04-10 19:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-04 01:04 - 2013-04-22 19:34 - 00000000 ____D C:\Users\Kenny\AppData\Roaming\Spotify
2013-04-04 01:04 - 2013-04-19 13:23 - 00000000 ____D C:\Users\Kenny\AppData\Local\Spotify
2013-04-04 01:04 - 2013-04-04 01:06 - 00000000 ____D C:\Users\Kenny\Desktop\anti virus
2013-04-04 01:04 - 2013-04-04 01:04 - 00001767 ____A C:\Users\Kenny\Desktop\Spotify.lnk
2013-04-03 07:41 - 2013-04-17 16:24 - 00005310 ____A C:\Windows\PFRO.log
2013-04-03 07:31 - 2013-04-22 19:33 - 00000336 ____A C:\Windows\setupact.log
2013-04-03 07:31 - 2013-04-03 07:31 - 00000000 ____A C:\Windows\setuperr.log
2013-04-03 07:19 - 2013-04-03 07:19 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-04-03 07:17 - 2013-04-14 17:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-04-03 07:13 - 2013-04-03 07:13 - 00000000 ____D C:\Users\Kenny\AppData\Local\Macromedia
2013-04-03 07:12 - 2013-04-22 19:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-03 07:12 - 2013-04-03 07:17 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-03 07:12 - 2013-04-03 07:12 - 00000000 ____D C:\Windows\System32\Macromed
2013-04-03 07:02 - 2013-04-22 19:33 - 00000382 ____A C:\Windows\Tasks\ErrorEND.job
2013-04-03 07:02 - 2013-04-03 07:02 - 00000000 ____D C:ProgramData\ErrorEND64
2013-04-03 07:02 - 2013-04-03 07:02 - 00000000 ____D C:\Program Files\ErrorEND
2013-04-03 06:51 - 2013-04-03 06:52 - 00224902 ____A C:\Users\Kenny\Documents\cc_20130403_105154.reg
2013-04-02 18:50 - 2013-04-02 18:50 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorwomdkf.txt
2013-04-02 07:32 - 2013-04-02 07:32 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorrtwhgc.txt
2013-03-30 17:43 - 2013-03-30 17:43 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorfrgj_v.txt
2013-03-26 18:41 - 2013-03-26 18:41 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorh7olff.txt
2013-03-26 06:31 - 2013-03-26 06:31 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorywc14u.txt
2013-03-24 13:49 - 2013-03-24 13:49 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorkpvfkl.txt
2013-03-24 05:09 - 2013-03-24 05:09 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errormlq8gn.txt

==================== One Month Modified Files and Folders =======

2013-04-22 19:34 - 2013-04-04 01:04 - 00000000 ____D C:\Users\Kenny\AppData\Roaming\Spotify
2013-04-22 19:34 - 2012-03-12 08:32 - 00000000 ____D C:\Users\Kenny\AppData\Roaming\Dropbox
2013-04-22 19:34 - 2010-08-05 18:47 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-22 19:33 - 2013-04-03 07:31 - 00000336 ____A C:\Windows\setupact.log
2013-04-22 19:33 - 2013-04-03 07:02 - 00000382 ____A C:\Windows\Tasks\ErrorEND.job
2013-04-22 19:33 - 2011-10-25 17:35 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000Core.job
2013-04-22 19:33 - 2011-10-05 18:26 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000Core.job
2013-04-22 19:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 19:27 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-22 19:23 - 2013-04-22 19:22 - 00000183 ____A C:\Windows\System32\avgrep.txt
2013-04-22 19:18 - 2011-10-05 18:26 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000UA.job
2013-04-22 19:18 - 2010-08-05 18:47 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-22 19:17 - 2013-04-03 07:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-22 19:17 - 2011-10-25 17:35 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000UA.job
2013-04-22 19:17 - 2010-07-30 17:23 - 00000000 ____D C:\Users\Kenny\AppData\Local\CrashDumps
2013-04-21 16:41 - 2012-03-01 01:55 - 00010947 ____A C:ProgramData\lxdx.log
2013-04-21 16:25 - 2011-10-29 11:50 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-04-21 16:25 - 2010-09-11 21:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-19 13:24 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-19 13:24 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-19 13:23 - 2013-04-04 01:04 - 00000000 ____D C:\Users\Kenny\AppData\Local\Spotify
2013-04-19 04:25 - 2010-12-23 22:58 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-04-19 04:24 - 2012-03-12 08:35 - 00000000 ___RD C:\Users\Kenny\Desktop\Dropbox
2013-04-19 04:21 - 2013-04-19 04:21 - 02250054 ____A C:ProgramData\1.bmp
2013-04-19 04:21 - 2013-04-19 04:21 - 00302806 ____A C:ProgramData\1.jpg
2013-04-19 04:11 - 2013-04-19 04:11 - 00045336 ____A C:ProgramData\f34rfcdsfwe.exe
2013-04-17 16:24 - 2013-04-03 07:41 - 00005310 ____A C:\Windows\PFRO.log
2013-04-17 05:36 - 2010-12-23 22:53 - 00000000 ____D C:ProgramData\MFAData
2013-04-16 13:26 - 2013-04-06 05:37 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForKenny.job
2013-04-16 13:26 - 2013-02-06 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-14 17:13 - 2013-04-14 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-14 17:13 - 2013-04-03 07:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-04-11 19:34 - 2013-04-11 19:34 - 00000075 ____A C:\Users\Kenny\Downloads\;collapse=true
2013-04-10 23:18 - 2013-04-10 23:18 - 00384800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2013-04-10 19:21 - 2013-04-04 01:47 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-09 20:12 - 2013-04-09 20:10 - 90130256 ____A (Apple Inc.) C:\Users\Kenny\Downloads\iTunes64Setup.exe
2013-04-09 20:07 - 2013-04-09 20:07 - 00001084 ____A C:\Windows\WindowsUpdate.log
2013-04-06 19:45 - 2011-05-24 14:26 - 00000000 ____D C:\Users\Kenny\Desktop\Phi Tau
2013-04-04 01:47 - 2010-08-05 18:47 - 00000000 ____D C:\Users\Kenny\AppData\Local\Google
2013-04-04 01:47 - 2010-08-05 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-04 01:27 - 2010-09-23 09:47 - 00000000 ____D C:\Users\Kenny\AppData\Roaming\Real
2013-04-04 01:27 - 2010-09-23 09:47 - 00000000 ____D C:\Program Files (x86)\Real
2013-04-04 01:10 - 2010-05-16 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-04 01:06 - 2013-04-04 01:04 - 00000000 ____D C:\Users\Kenny\Desktop\anti virus
2013-04-04 01:04 - 2013-04-04 01:04 - 00001767 ____A C:\Users\Kenny\Desktop\Spotify.lnk
2013-04-03 07:43 - 2009-07-13 20:45 - 05005656 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-03 07:31 - 2013-04-03 07:31 - 00000000 ____A C:\Windows\setuperr.log
2013-04-03 07:31 - 2011-12-08 14:42 - 00119704 ____A C:\Users\Kenny\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-03 07:19 - 2013-04-03 07:19 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-04-03 07:17 - 2013-04-03 07:12 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-03 07:17 - 2012-01-05 15:20 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-03 07:16 - 2010-05-16 18:37 - 00000000 ____D C:ProgramData\Adobe
2013-04-03 07:13 - 2013-04-03 07:13 - 00000000 ____D C:\Users\Kenny\AppData\Local\Macromedia
2013-04-03 07:12 - 2013-04-03 07:12 - 00000000 ____D C:\Windows\System32\Macromed
2013-04-03 07:02 - 2013-04-03 07:02 - 00000000 ____D C:ProgramData\ErrorEND64
2013-04-03 07:02 - 2013-04-03 07:02 - 00000000 ____D C:\Program Files\ErrorEND
2013-04-03 06:52 - 2013-04-03 06:51 - 00224902 ____A C:\Users\Kenny\Documents\cc_20130403_105154.reg
2013-04-03 06:50 - 2010-10-04 23:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-03 06:46 - 2012-09-02 09:21 - 00000000 ____D C:\Program Files\CCleaner
2013-04-02 18:50 - 2013-04-02 18:50 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorwomdkf.txt
2013-04-02 07:32 - 2013-04-02 07:32 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorrtwhgc.txt
2013-03-30 17:43 - 2013-03-30 17:43 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorfrgj_v.txt
2013-03-26 18:41 - 2013-03-26 18:41 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorh7olff.txt
2013-03-26 06:31 - 2013-03-26 06:31 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorywc14u.txt
2013-03-24 13:49 - 2013-03-24 13:49 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errorkpvfkl.txt
2013-03-24 05:09 - 2013-03-24 05:09 - 00000767 ____A C:\Windows\SysWOW64\dropbox_errormlq8gn.txt

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-03 06:56:42
Restore point made on: 2013-04-03 06:57:43
Restore point made on: 2013-04-03 06:59:17
Restore point made on: 2013-04-03 07:00:44
Restore point made on: 2013-04-03 07:19:42
Restore point made on: 2013-04-03 07:22:15
Restore point made on: 2013-04-03 07:24:01
Restore point made on: 2013-04-03 07:28:38
Restore point made on: 2013-04-03 07:44:35
Restore point made on: 2013-04-04 01:08:59
Restore point made on: 2013-04-04 01:09:44
Restore point made on: 2013-04-11 22:43:44

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 5941.86 MB
Available physical RAM: 5112.81 MB
Total Pagefile: 5940.01 MB
Available Pagefile: 5101.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.21 GB) (Free:102.61 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:21.26 GB) (Free:3.1 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
Drive h: (HP v115w) (Removable) (Total:7.51 GB) (Free:6.79 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7701 MB 0 B

Partitions of Disk 0:
===============

Disk ID: F2B66014

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 444 GB 200 MB
Partition 3 Primary 21 GB 444 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 444 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7701 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 466 GB) (Disk ID: F2B66014)
Partition 1: (Active) - (Size=199 MB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=444 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07) (NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

====================================================================
Disk: 1 (Size: 8 GB) (Disk ID: 2C6B7369)
Partition 1: (Not Active) - (Size=883 GB) - (Type=68)
Partition 2: (Not Active) - (Size=257 GB) - (Type=79)
Partition 3: (Not Active) - (Size=667 GB) - (Type=53)
Partition 4: (Not Active) - (Size=10 MB) - (Type=49)


Last Boot: 2013-04-14 20:53

==================== End Of Log ============================
  • 0
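As an added example (not part of the thread, and not FRST's own logic), here is a small Python triage of the Registry section of an FRST log, run over lines copied from the log posted above. The function names, rule names and the four heuristics are assumptions of this example; they are review hints for an analyst, not verdicts.

```python
import re

# Lines copied from the Registry section of the FRST.txt posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-10-16] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
HKLM-x32\...\Winlogon: [Shell] C:\ProgramData\f34rfcdsfwe.exe [x ] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SoundDrivers] "C:\ProgramData\f34rfcdsfwe.exe" [45336 2013-04-19] ()
HKU\Kenny\...\CurrentVersion\Windows: [Load] C:\Users\Kenny\LOCALS~1\Temp\msagcz.cmd
"""

# "<key>: [<value name>] <command> [<size date> | x] (<company>)"
ENTRY_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# Optional trailing "[size date]" or "[x]" marker, then optional "(company)".
TAIL_RE = re.compile(
    r"\s*\[(?P<meta>x ?|\d+ \d{4}-\d{2}-\d{2})\](?:\s*\((?P<company>[^()]*)\))?\s*$"
)
# First thing in an unquoted command that looks like an executable or script.
EXE_RE = re.compile(r"(.*?\.(?:exe|cmd|bat|com|scr|pif|dll))\b", re.IGNORECASE)


def target_of(command):
    """Return the program a command line starts, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def parse_entry(line):
    """Parse one autorun line into a dict, or return None for other lines."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    rest = match.group("rest")
    tail = TAIL_RE.search(rest)
    command = (rest[:tail.start()] if tail else rest).strip()
    return {
        "key": match.group("key"),
        "name": match.group("name"),
        "command": command,
        "target": target_of(command),
        "company": (tail.group("company") or "") if tail else "",
    }


def review(entry):
    """Return the heuristic rule names (assumptions of this example) that fire."""
    reasons = []
    if not entry["target"]:
        return reasons  # empty value such as "[] [x]": nothing to assess
    key, name = entry["key"].lower(), entry["name"].lower()
    parts = entry["target"].lower().split("\\")
    # The Winlogon Shell value normally names explorer.exe.
    if key.endswith("\\winlogon") and name == "shell" and parts[-1] != "explorer.exe":
        reasons.append("winlogon-shell-replaced")
    # The per-user Windows\Load value is a legacy autostart; review whenever set.
    if key.endswith("\\windows") and name == "load":
        reasons.append("legacy-load-value-set")
    # Executable sitting directly in the ProgramData root, not in a vendor folder.
    if len(parts) >= 2 and parts[-2] == "programdata":
        reasons.append("runs-from-programdata-root")
    # Autostart target under a Temp directory.
    if "temp" in parts[:-1]:
        reasons.append("runs-from-temp")
    return reasons


def triage(log_text):
    """Return (value name, target, reasons) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            findings.append((entry["name"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"{name:14} {target}  <- {', '.join(reasons)}")
```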

#4
JSntgRvr

    Global Moderator

  • 10,958 posts
Download the enclosed file. Attached File: fixlist.txt

Save it next to FRST in the USB.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, attempt to boot in Normal Mode. If able to, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#5
Kj201201

    New Member

  • Topic Starter
  • 3 posts
Hello, I have successfully run the FRST fix program as well as ComboFix. I am able to use the "infected" laptop and am currently using it to post this message!
This is the report from the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2013 02
Ran by SYSTEM at 2013-04-23 21:26:28 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SoundDrivers value deleted successfully.
HKEY_USERS\Kenny\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load Error setting value.

==== End of Fixlog ====

And this is the report from combofix:

ComboFix 13-04-23.02 - Kenny 04/23/2013 21:39:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.4114 [GMT -4:00]
Running from: c:\users\Kenny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\dler.exe
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\header.bmp
c:\program files (x86)\smartdl\header2.bmp
c:\program files (x86)\smartdl\header3.bmp
c:\program files (x86)\smartdl\next.bmp
c:\program files (x86)\smartdl\skip.bmp
c:\program files (x86)\smartdl\status-o
c:\programdata\126130x4d750f512s108o7glk0c5
c:\programdata\f34rfcdsfwe.exe
c:\programdata\SPL718A.tmp
C:\torrent.exe
c:\users\Kenny\AppData\Roaming\887511809.log
c:\users\Kenny\AppData\Roaming\Local
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\1800.4530188.avi&b=290.ddr
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\1800.4530188.avi&b=290.ddp
c:\users\Kenny\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\Kenny\AppData\Roaming\Xuba
c:\users\Kenny\AppData\Roaming\Xuba\qouzdy.loe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 02:00 . 2013-04-24 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-11 07:18 . 2013-04-11 07:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-04 09:04 . 2013-04-19 21:23 -------- d-----w- c:\users\Kenny\AppData\Local\Spotify
2013-04-04 09:04 . 2013-04-24 02:06 -------- d-----w- c:\users\Kenny\AppData\Roaming\Spotify
2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-04-03 15:13 . 2013-04-03 15:13 -------- d-----w- c:\users\Kenny\AppData\Local\Macromedia
2013-04-03 15:12 . 2013-04-03 15:17 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-03 15:12 . 2013-04-03 15:12 -------- d-----w- c:\windows\system32\Macromed
2013-04-03 15:02 . 2013-04-03 15:02 -------- d-----w- c:\programdata\ErrorEND64
2013-04-03 15:02 . 2013-04-03 15:02 -------- d-----w- c:\program files\ErrorEND
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-03 15:17 . 2012-01-05 23:20 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 11:25 . 2012-09-04 04:48 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-07 02:42 . 2013-02-07 02:42 32152 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-02-07 02:32 . 2013-02-07 02:32 1897963 ----a-w- C:\MGtools.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Facebook Update"="c:\users\Kenny\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-06 39408]
"Spotify"="c:\users\Kenny\AppData\Roaming\Spotify\Spotify.exe" [2013-04-18 4547584]
"Spotify Web Helper"="c:\users\Kenny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-18 1105408]
"GizmoDriveDelegate"="c:\progra~2\GIZMO\GDRIVE.DLL" [2010-08-11 390752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-11 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"lxdxmon.exe"="c:\program files (x86) (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"lxdxamon"="c:\program files (x86) (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kenny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2012-3-8 1169920]
Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe [2010-8-11 220768]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-02-07 32152]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-20 22528]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-09-12 7680512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-31 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-04-11 384800]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-11-28 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-02 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe [2010-08-11 31856]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-10-02 116240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-02 10342240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 03:21 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 15:17]
.
2013-04-23 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ERROREND.exe [2013-01-28 11:11]
.
2013-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000Core.job
- c:\users\Kenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-26 16:15]
.
2013-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000UA.job
- c:\users\Kenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-26 16:15]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-06 02:47]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-06 02:47]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000Core.job
- c:\users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 14:17]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-536816624-450442288-1676957109-1000UA.job
- c:\users\Kenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 14:17]
.
2013-04-16 c:\windows\Tasks\HPCeeScheduleForKenny.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Kenny\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-17 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-02 414744]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"lxdxamon"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-28 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?shva=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\6ot92by2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-05 14:20; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files (x86)\AVG\AVG2012\Firefox4
FF - ExtSQL: !HIDDEN! 2010-10-05 03:34; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Lexmark 3600-4600 Series\lxdxMsdMon.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2013-04-23 22:12:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-24 02:12
.
Pre-Run: 110,787,072,000 bytes free
Post-Run: 110,224,379,904 bytes free
.
- - End Of File - - 92E8F633E67C3D108D41C8F6F5A2F85B
  • 0
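A triage pass over the Reg Loading Points section of the ComboFix log posted above, added here as an example; it is not part of the thread and not ComboFix's own code. It lists Run entries that launch from user-writable locations and the UAC policy values that are weaker than the Windows 7 defaults. The function names and location rules are assumptions of this example, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# Excerpt of the "Reg Loading Points" section from the log above, shortened.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Facebook Update"="c:\users\Kenny\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Spotify"="c:\users\Kenny\AppData\Roaming\Spotify\Spotify.exe" [2013-04-18 4547584]
"GizmoDriveDelegate"="c:\progra~2\GIZMO\GDRIVE.DLL" [2010-08-11 390752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="c:\path\file.exe" [2013-04-18 4547584]
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
# "EnableLUA"= 0 (0x0)
DWORD_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-fA-F]+\)$')

# Directory prefixes a standard user can normally write to (assumption of this
# example; real ACLs are not inspected).
USER_WRITABLE = ('\\users\\', '\\programdata\\')

# UAC values that are weaker than the Windows 7 defaults (1, 5 and 1).
UAC_WEAK = {
    'EnableLUA': (0, 'UAC is switched off'),
    'ConsentPromptBehaviorAdmin': (0, 'administrators elevate without a prompt'),
    'PromptOnSecureDesktop': (0, 'elevation prompt is not on the secure desktop'),
}


def parse_log(text):
    """Return {registry_key: [(value_name, value), ...]} for recognised lines."""
    parsed, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            parsed.setdefault(current, [])
            continue
        if current is None:
            continue  # separator or text before the first key header
        m = AUTORUN_RE.match(line)
        if m:
            parsed[current].append((m.group(1), m.group(2)))
            continue
        m = DWORD_RE.match(line)
        if m:
            parsed[current].append((m.group(1), int(m.group(2))))
    return parsed


def classify_path(path):
    """Classify an autostart target by where it lives on disk."""
    p = path.lower()
    if re.search(r'~\d', p):
        # 8.3 short names cannot be resolved from the log alone.
        return 'short-name'
    rest = p[2:] if p[1:2] == ':' else p
    if rest.startswith(USER_WRITABLE):
        return 'user-writable'
    return 'protected'


def triage(parsed):
    """Return (category, value_name, detail) tuples worth a manual look."""
    findings = []
    for key, entries in parsed.items():
        lkey = key.lower()
        for name, value in entries:
            if lkey.endswith('\\currentversion\\run') and isinstance(value, str):
                kind = classify_path(value)
                if kind != 'protected':
                    findings.append(('autorun', name, kind))
            elif (lkey.endswith('\\policies\\system')
                  and UAC_WEAK.get(name, (None,))[0] == value):
                findings.append(('uac', name, UAC_WEAK[name][1]))
    return findings


if __name__ == '__main__':
    for category, name, detail in triage(parse_log(SAMPLE_LOG)):
        print(f'{category:8} {name:28} {detail}')
```

Well-known software such as Spotify and Dropbox also starts from AppData, so the autorun list narrows what to inspect rather than identifying malware by itself.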

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Let's check for remnants.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Launch and update Malwarebytes Antimalware and perform a quick scan. Post the report.


Concerning Hitman Pro, I would recommend you remove it from the computer. It has been the cause of many unbootable computers.
  • 0





