Strange letters & characters show up in e-mails & texts [Solv


  • This topic is locked

#16
Jodibfp

    Member

  • Topic Starter
  • 29 posts
Hi,
I am going to be away from my computer for 2 days. I am going out of town. I will do the next fix when I return on Tuesday. Thank you for all your help. I will send you a reply when I get back. Jodibfp

#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie. :thumbsup:

#18
Jodibfp

    Member

  • Topic Starter
  • 29 posts
Here is the ComboFix log.

ComboFix 14-01-29.01 - Jodi 01/29/2014 10:24:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3571.1637 [GMT -8:00]
Running from: c:\users\Jodi\Desktop\ComboFix.exe
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Web Protect\WeBProtect.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-29 )))))))))))))))))))))))))))))))
.
.
2014-01-26 02:10 . 2014-01-29 18:43 -------- d-----w- c:\windows\SysWow64\WCID
2014-01-26 01:45 . 2014-01-29 18:48 -------- d-----w- c:\users\Jodi\AppData\Local\Temp
2014-01-26 01:45 . 2014-01-26 01:25 24064 ----a-w- c:\windows\zoek-delete.exe
2014-01-26 01:37 . 2014-01-26 03:31 -------- d-----w- C:\zoek
2014-01-21 18:46 . 2014-01-21 18:46 -------- dc----w- c:\windows\system32\DRVSTORE
2014-01-21 18:46 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-01-21 18:45 . 2014-01-21 18:45 -------- d-----w- c:\program files\iPod
2014-01-21 18:45 . 2014-01-21 18:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-21 18:45 . 2014-01-21 18:46 -------- d-----w- c:\program files\iTunes
2014-01-21 18:45 . 2014-01-21 18:46 -------- d-----w- c:\program files (x86)\iTunes
2014-01-21 18:44 . 2014-01-21 18:44 -------- d-----w- c:\program files\Common Files\Apple
2014-01-21 18:44 . 2014-01-21 18:44 -------- d-----w- c:\program files\Bonjour
2014-01-21 18:44 . 2014-01-21 18:44 -------- d-----w- c:\program files (x86)\Bonjour
2014-01-15 16:54 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 16:54 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 16:54 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 16:54 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 16:54 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 16:54 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 16:54 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 16:54 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 16:54 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 17:33 . 2013-01-18 22:26 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-23 01:07 . 2013-12-23 01:07 1409 ----a-w- c:\windows\QTFont.for
2013-12-11 19:01 . 2013-01-25 02:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 19:01 . 2011-11-18 19:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 11:54 . 2013-12-11 04:14 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 04:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 04:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 04:14 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 04:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 04:14 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 04:14 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 04:14 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 04:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 04:14 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 04:14 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 04:14 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 04:14 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 04:14 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 04:14 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 04:14 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 04:14 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 04:14 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 04:14 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 04:14 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 04:14 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 04:14 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 04:14 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 04:14 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 00:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 00:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-18 21:04 . 2013-11-18 21:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-18 21:04 . 2013-11-18 21:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-18 21:04 . 2013-11-18 21:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-18 21:04 . 2013-11-18 21:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-18 21:04 . 2013-11-18 21:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-18 21:04 . 2013-11-18 21:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-18 21:04 . 2013-11-18 21:04 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-18 21:04 . 2013-11-18 21:04 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-18 21:04 . 2013-11-18 21:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-18 21:04 . 2013-11-18 21:04 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-18 21:04 . 2013-11-18 21:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-18 21:04 . 2013-11-18 21:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-18 21:04 . 2013-11-18 21:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-18 21:04 . 2013-11-18 21:04 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-18 21:04 . 2013-11-18 21:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-18 21:04 . 2013-11-18 21:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-18 21:04 . 2013-11-18 21:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-18 21:04 . 2013-11-18 21:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-18 21:04 . 2013-11-18 21:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-18 21:04 . 2013-11-18 21:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-18 21:04 . 2013-11-18 21:04 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-18 21:04 . 2013-11-18 21:04 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-18 21:04 . 2013-11-18 21:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-18 21:04 . 2013-11-18 21:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-18 21:04 . 2013-11-18 21:04 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-18 21:04 . 2013-11-18 21:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-18 21:04 . 2013-11-18 21:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-18 21:04 . 2013-11-18 21:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-18 21:04 . 2013-11-18 21:04 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-18 21:04 . 2013-11-18 21:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-18 21:04 . 2013-11-18 21:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-18 21:04 . 2013-11-18 21:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-18 21:04 . 2013-11-18 21:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-18 21:04 . 2013-11-18 21:04 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-18 21:04 . 2013-11-18 21:04 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-18 21:04 . 2013-11-18 21:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-18 21:04 . 2013-11-18 21:04 413696 ----a-w- c:\windows\system32\html.iec
2013-11-18 21:04 . 2013-11-18 21:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 21:04 . 2013-11-18 21:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-18 21:04 . 2013-11-18 21:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-18 21:04 . 2013-11-18 21:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-18 21:04 . 2013-11-18 21:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-18 21:04 . 2013-11-18 21:04 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-18 21:04 . 2013-11-18 21:04 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-18 21:04 . 2013-11-18 21:04 235520 ----a-w- c:\windows\system32\url.dll
2013-11-18 21:04 . 2013-11-18 21:04 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-18 21:04 . 2013-11-18 21:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-18 21:04 . 2013-11-18 21:04 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-18 21:04 . 2013-11-18 21:04 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-18 21:04 . 2013-11-18 21:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-18 21:04 . 2013-11-18 21:04 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-18 21:04 . 2013-11-18 21:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-18 21:04 . 2013-11-18 21:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-18 21:04 . 2013-11-18 21:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-18 21:04 . 2013-11-18 21:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-18 21:04 . 2013-11-18 21:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-18 21:04 . 2013-11-18 21:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-18 21:04 . 2013-11-18 21:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-18 21:04 . 2013-11-18 21:04 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-12 02:23 . 2013-12-11 00:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 00:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-14 20:48 . 2013-09-07 20:38 712264 ----a-w- c:\program files (x86)\7jUninstall GardeningEnthusiast.dll
2013-07-14 20:48 . 2013-09-07 20:38 194960 ----a-w- c:\program files (x86)\7jres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-11-16 2717816]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-24 105120]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h [2004-8-11 757760]
Kodak software updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [x]
R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys;c:\windows\SYSNATIVE\Drivers\PCTBD64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\users\Jodi\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\users\Jodi\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys;c:\windows\SYSNATIVE\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys;c:\windows\SYSNATIVE\drivers\pctEFA64.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys;c:\windows\SYSNATIVE\drivers\pctgntdi64.sys [x]
S1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\DRIVERS\pctNdisLW64.sys;c:\windows\SYSNATIVE\DRIVERS\pctNdisLW64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys;c:\windows\SYSNATIVE\Drivers\PCTSD64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys;c:\windows\SYSNATIVE\drivers\pctNdis-PacketFilter64.sys [x]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys;c:\windows\SYSNATIVE\drivers\pctplfw64.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys;c:\windows\SYSNATIVE\drivers\pctplsg64.sys [x]
S3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys;c:\windows\SYSNATIVE\drivers\pctplsm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 09:37 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 19:01]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 02:24]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 02:24]
.
2014-01-20 c:\windows\Tasks\HPCeeScheduleForJODI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-01-26 c:\windows\Tasks\HPCeeScheduleForJodi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-01-29 c:\windows\Tasks\PTAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Utilities\SULauncher.exe [2013-01-18 19:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
FF - ProfilePath - c:\users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\cis3sens.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.netzero.net/?&try=1
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: !HIDDEN! 2013-02-10 20:22; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - c:\program files (x86)\Web Protect\WebProtect.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
.
**************************************************************************
.
Completion time: 2014-01-29 10:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-29 18:51
.
Pre-Run: 933,964,529,664 bytes free
Post-Run: 933,978,501,120 bytes free
.
- - End Of File - - A52DCF51948AD2A17D003494B2A86423
A36C5E4F47E84449FF07ED3517B43A31

And now the fixlist log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014
Ran by Jodi at 2014-01-29 10:17:05 Run:2
Running from C:\Users\Jodi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MountPoints2: {ca2c14de-7bcb-11e2-bcbf-386077b88ec2} - G:\LaunchU3.exe -a
HKU\Kevi\...\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim
HKU\Kevi\...\Run: [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll",RunConduitFloatingPlugin bpfboklmeiefoedekjeigdcnfbpjeaii
C:\Program Files (x86)\Conduit
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup.exe
C:\Program Files (x86)\SparkTrust
C:\ProgramData\SparkTrust
C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
C:\Users\Jodi\AppData\Roaming\SparkTrust
C:\Windows\System32\Tasks\SparkTrust Registration3
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup (1).exe
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup (2).exe
C:\Windows\Tasks\SparkTrust Registration3.job
C:\Program Files (x86)\PC Utility Kit
C:\ProgramData\PC Utility Kit
C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit
C:\Users\Jodi\AppData\Roaming\PC Utility Kit
C:\Users\Jodi\Downloads\PC Utility Kit Installer.exe
C:\Windows\System32\Tasks\PC Utility Kit Registration3
C:\Windows\Tasks\DMDefragSchedule.job
Task: {692EA836-10B2-470A-80E5-AFBD7EC40858} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {C954062D-4722-43BF-8511-24F96192E0B8} - System32\Tasks\4571 => Wscript.exe C:\Users\Jodi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
C:\Program Files (x86)\Common Files\PC Utility Kit
C:\Users\Jodi\AppData\Local\Temp\launchie.vbs //B
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
C:\Program Files (x86)\Common Files\SparkTrust
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca2c14de-7bcb-11e2-bcbf-386077b88ec2} => Key deleted successfully.
HKCR\CLSID\{ca2c14de-7bcb-11e2-bcbf-386077b88ec2} => Key not found.
HKU\Kevi\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim => Value not found.
HKU\Kevi\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii => Value not found.
"C:\Program Files (x86)\Conduit" => File/Directory not found.
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup.exe => Moved successfully.
"C:\Program Files (x86)\SparkTrust" => File/Directory not found.
C:\ProgramData\SparkTrust => Moved successfully.
"C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust" => File/Directory not found.
C:\Users\Jodi\AppData\Roaming\SparkTrust => Moved successfully.
"C:\Windows\System32\Tasks\SparkTrust Registration3" => File/Directory not found.
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup (1).exe => Moved successfully.
C:\Users\Jodi\Downloads\SparkTrust PC Cleaner Plus Setup (2).exe => Moved successfully.
"C:\Windows\Tasks\SparkTrust Registration3.job" => File/Directory not found.
"C:\Program Files (x86)\PC Utility Kit" => File/Directory not found.
C:\ProgramData\PC Utility Kit => Moved successfully.
"C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit" => File/Directory not found.
C:\Users\Jodi\AppData\Roaming\PC Utility Kit => Moved successfully.
C:\Users\Jodi\Downloads\PC Utility Kit Installer.exe => Moved successfully.
"C:\Windows\System32\Tasks\PC Utility Kit Registration3" => File/Directory not found.
C:\Windows\Tasks\DMDefragSchedule.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{692EA836-10B2-470A-80E5-AFBD7EC40858} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{692EA836-10B2-470A-80E5-AFBD7EC40858} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C954062D-4722-43BF-8511-24F96192E0B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C954062D-4722-43BF-8511-24F96192E0B8} => Key deleted successfully.
C:\Windows\System32\Tasks\4571 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4571 => Key deleted successfully.
C:\Windows\Tasks\PC Utility Kit Registration3.job not found.
"C:\Program Files (x86)\Common Files\PC Utility Kit" => File/Directory not found.
"C:\Users\Jodi\AppData\Local\Temp\launchie.vbs //B" => File/Directory not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
"C:\Program Files (x86)\Common Files\SparkTrust" => File/Directory not found.

==== End of Fixlog ====
  • 0
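As an added example (not part of the original posts, and not code from any tool used in this thread), this Python script tallies the result lines of a fix log in the format shown above, separating items the fix actually removed from items that were already absent. The sample lines are copied from the log above; the names `classify` and `summarise` are hypothetical.

```python
import re

# Sample lines copied from the fix log in the post above.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca2c14de-7bcb-11e2-bcbf-386077b88ec2} => Key deleted successfully.
HKCR\CLSID\{ca2c14de-7bcb-11e2-bcbf-386077b88ec2} => Key not found.
C:\ProgramData\SparkTrust => Moved successfully.
"C:\Program Files (x86)\SparkTrust" => File/Directory not found.
C:\Windows\System32\Tasks\4571 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4571 => Key deleted successfully.
C:\Windows\Tasks\PC Utility Kit Registration3.job not found.
"C:\Users\Jodi\AppData\Local\Temp\launchie.vbs //B" => File/Directory not found.
"""

# Result phrases that appear in that log, checked in this order.
PATTERNS = [
    ("removed", re.compile(r"^(?P<item>.+?) => (?:Moved|Key deleted) successfully\.$")),
    ("absent", re.compile(r"^(?P<item>.+?) => (?:Key|Value|File/Directory) not found\.$")),
    ("absent", re.compile(r"^(?P<item>.+?) not found\.$")),  # form without "=>"
]


def classify(line):
    """Return (outcome, item) for one result line, or None for blanks/separators."""
    line = line.strip()
    if not line or line.startswith(("*", "=")):
        return None
    for outcome, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            return outcome, match.group("item").strip('"')
    return "unrecognised", line


def summarise(log_text):
    """Group every result line by outcome so nothing is silently dropped."""
    summary = {"removed": [], "absent": [], "unrecognised": []}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            summary[result[0]].append(result[1])
    return summary


if __name__ == "__main__":
    for outcome, items in summarise(SAMPLE_LOG).items():
        print(f"{outcome}: {len(items)}")
        for item in items:
            print(f"  {item}")
```

Entries under `absent` were named in the fix but were already gone when it ran; anything under `unrecognised` needs a manual look.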

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Jodibfp,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that though, make sure you copy the logfile to Notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#20
Jodibfp

Jodibfp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
I ran the scan from ESET; however, I did not check any of the Advanced settings applications before I hit start. Should I check finish on the scan, or should I run it again? I haven't checked uninstall or delete quarantined threats yet either. Please advise.
  • 0

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Did it find anything?

If so copy the log file then ensure items found are quarantined and select to uninstall if the option is available. Then click to finish.

Post the log back here.
  • 0

#22
Jodibfp

Jodibfp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
I can't find the log file. It said I have 2 threats. Cleaned 2 infections. Cannot locate the other info to copy it to reply. Very elusive log, I guess.
  • 0

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

It said I have 2 threats. Cleaned 2 infections.


Looks like it worked okay.

How is your machine now?
  • 0

#24
Jodibfp

Jodibfp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
It seems to be ok. I am still having some Java difficulties reading some correspondence. But I think the virus may be gone. Can I delete the logs that are on desktop? And should I uninstall the programs we were using?
  • 0

#25
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Jodibfp,

I am still having some Java difficulties reading some correspondence.


Do you mean Adobe Reader?

Go to the link below to update your Adobe Reader.

Note: Before you download/install ensure you uncheck the "Yes install Chrome as default browser and Google Toolbar for Internet Explorer" or any other third party software option. That is foistware.

http://www.adobe.com.../readstep2.html

Note: From time to time software suppliers change the foistware options so it may not show the one quoted in the instructions above. Just take care to untick any boxes offering an option to download or install any other program.

But I think the virus may be gone.


I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#26
Jodibfp

Jodibfp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
Thank you for all the advice. I will get back to you when I have a chance to uninstall these items. You have been extremely helpful. I so much appreciate your service. Your site ROCKS!
Sincerely, Jodibfp
  • 0

#27
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank you for all the advice.


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.
  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
