Hyper Links Virus [Solved]
Started by
sleepyjim
, Jan 15 2013 07:00 AM
#16
Posted 17 January 2013 - 08:25 AM
gringo
#17
Posted 17 January 2013 - 10:51 AM
It is in FF and Chrome, IE is fine.....
Jim
#18
Posted 17 January 2013 - 10:54 AM
Ok I tried all 3 on the same web page to test, well I went back to that page after posting above and FF looks ok now, I tried IE last could that have done something maybe? This is weird....LOL I am not nuts.....
Jim
PS Just went back, closed everything and it is back...so skip this post...sorry.
Edited by sleepyjim, 17 January 2013 - 10:56 AM.
#19
Posted 17 January 2013 - 11:05 AM
Hello
let's try Chrome first
First I need you to go to Google Sync and sign into your account
scroll down until you see the "Stop and Clear" button and click on the button
At the prompt click on "Ok"
Now we need to uninstall chrome
I want you to uninstall Chrome and if asked about user data or settings then remove this also
restart the computer and reinstall chrome
Gringo
#20
Posted 17 January 2013 - 02:30 PM
Ok that is done....
#21
Posted 17 January 2013 - 02:52 PM
Hello
how is Chrome working?
I want you to try this for Firefox and give me a quick update on how things are
I want you to reset Firefox back to defaults; to do this I need you to do the following
- At the top of the Firefox window, click the "Firefox" button,
- go over to the "Help" sub-menu
- (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
- Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
- click "Reset Firefox" in the confirmation window that opens.
- Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
restart the computer and check firefox for me now
Gringo
#22
Posted 17 January 2013 - 02:58 PM
Chrome is worse, the post you did above now has like 5 hyper link thingies....
FF does not show any on your post....IE is same as chrome, real bad.
Still want me to do FF?
Jim
Also if doing FF, will I lose bookmarks?
Edited by sleepyjim, 17 January 2013 - 03:11 PM.
#23
Posted 18 January 2013 - 03:59 AM
I did FF restart without add ons disabled and it seems to work good now, should I do the complete reset to defaults?
Maybe this virus is an add on?
IE and Chrome still bad.....
Jim
Edited by sleepyjim, 18 January 2013 - 04:05 AM.
#24
Posted 18 January 2013 - 05:08 PM
Greetings,
yes, do the reset for Firefox and do this for IE
first I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737
Then I want you to do the following
- Start Internet Explorer.
- click on "safety"
- click on "Delete Browsing History"
- make sure all boxes are checked
- click on "Delete"
- click on "Tools",
- click "Internet Options".
- On the "Advanced" tab, click "Reset"
- put a check mark next to "Delete Personal Settings"
- click "Reset" to confirm
- when complete click the "Close" button
- restart IE
Gringo
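Before resetting each browser it helps to know which add-on is injecting the links, since the thread's diagnosis is a browser add-on rather than an infected browser binary. The PowerShell inventory below is an added example, not part of the thread or of any tool Gringo uses; it assumes Windows 7 or later with PowerShell 3.0+, the default registry locations for Internet Explorer BHOs and toolbars, the default Firefox profile folder, and Chrome's Default profile only.

```powershell
# Added example (not from the thread): list the add-ons of all three browsers so a
# suspicious one can be identified before, or instead of, a full reset.
# Assumes Windows 7+, PowerShell 3.0+, and default install/profile locations.

function Get-IEAddOns {
    # IE loads Browser Helper Objects and toolbars by CLSID from these keys,
    # in both the native 64-bit view and the Wow6432Node 32-bit view.
    $clsids = @()
    foreach ($root in @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')) {
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path $bho) { $clsids += @(Get-ChildItem $bho | ForEach-Object { $_.PSChildName }) }
        $tb = "$root\Microsoft\Internet Explorer\Toolbar"
        if (Test-Path $tb) {
            # Toolbar entries are value names of the form {CLSID}
            $clsids += @((Get-Item $tb).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' })
        }
    }
    foreach ($clsid in ($clsids | Sort-Object -Unique)) {
        # Resolve the CLSID to the DLL IE will actually load; 32-bit classes sit under Wow6432Node.
        $dll = $null; $name = $null
        foreach ($cls in @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
                           "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid")) {
            if (Test-Path "$cls\InprocServer32") {
                $dll  = (Get-ItemProperty "$cls\InprocServer32").'(default)'
                $name = (Get-ItemProperty $cls).'(default)'
                break
            }
        }
        New-Object PSObject -Property @{ Browser = 'IE'; Id = $clsid; Name = $name; Path = $dll }
    }
}

function Get-FirefoxAddOns {
    # Each Firefox profile keeps its extensions under <profile>\extensions,
    # one folder or .xpi file per extension id.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    foreach ($p in Get-ChildItem $profiles -Directory) {
        $ext = Join-Path $p.FullName 'extensions'
        if (-not (Test-Path $ext)) { continue }
        foreach ($e in Get-ChildItem $ext) {
            New-Object PSObject -Property @{ Browser = 'Firefox'; Id = $e.Name; Name = "profile $($p.Name)"; Path = $e.FullName }
        }
    }
}

function Get-ChromeAddOns {
    # Chrome unpacks each extension to <User Data>\Default\Extensions\<id>\<version>\manifest.json
    $extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    if (-not (Test-Path $extRoot)) { return }
    foreach ($idDir in Get-ChildItem $extRoot -Directory) {
        foreach ($verDir in Get-ChildItem $idDir.FullName -Directory) {
            $manifest = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path $manifest)) { continue }
            # Localised names appear as __MSG_xxx__ placeholders; the id is still unique
            $name = (Get-Content $manifest -Raw | ConvertFrom-Json).name
            New-Object PSObject -Property @{ Browser = 'Chrome'; Id = $idDir.Name; Name = $name; Path = $verDir.FullName }
        }
    }
}

function Get-BrowserAddOnInventory {
    @(Get-IEAddOns) + @(Get-FirefoxAddOns) + @(Get-ChromeAddOns) |
        Select-Object Browser, Id, Name, Path
}

Get-BrowserAddOnInventory | Format-Table -AutoSize
```

Entries whose Path points outside Program Files (for example into AppData or a temp folder), or whose Name you do not recognise, are the ones to look at first; removing them through the browser's own add-on manager keeps bookmarks intact, with the full reset as the fallback.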
#25
Posted 18 January 2013 - 10:22 PM
WOO HOO I think that got her!
I went to a couple sites and all is good, even this thread (Which was real bad) appears normal....
Thank you sooo much!
So was it add ons or a virus that got in the add on area?
Whatever it was I had to "OK" it to load up, Comodo has been great at catching things for years, I got to be more aware I guess.....
Anything else I need to do?
#26
Posted 19 January 2013 - 06:46 AM
Greetings
yes that looks like what was happening
At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.
:Run CFScript:
Open Notepad and copy/paste the text in the box into the window:
ClearJavaCache::
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"
- In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?
Gringo
#27
Posted 19 January 2013 - 12:20 PM
Ok here is the log: All seems good still.....
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-01-19 22:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 18:10
ComboFix2.txt 2009-12-06 13:21
.
Pre-Run: 357,908,717,568 bytes free
Post-Run: 357,965,361,152 bytes free
.
- - End Of File - - FB6C4F92408A482266B03AF27FADBE73
#28
Posted 19 January 2013 - 12:29 PM
Hello
I would like to see a report that combofix makes.
extra combofix report
- push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
- please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
- click ok
copy and paste the report into this topic for me to review
Gringo
#29
Posted 19 January 2013 - 07:54 PM
OK here it is:
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Acronis True Image Home 2012
AcroPano Photo Stitcher, Panorama software
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0 ME
Adobe Reader X (10.1.5)
Advanced SystemCare 6
Aiseesoft iPhone to Computer Transfer Ultimate 5.1.10
Apple Application Support
Apple Software Update
Arizona Topo Map
Audacity 1.3.14 (Unicode)
Audio editor
avast! Free Antivirus
CarbonPoker
cGPSmapper Free 0100d
Cherokee Historical Images Screensaver
ConvertHelper 2.2
ConvertXtoDVD 4.1.19.365
D3DX10
Driver Magician 3.65
DVD Menu Pack for HP MediaSmart Video
DVD Shrink 3.2
EasyGPS 4.45
Facebook Video Calling 1.2.0.287
Family Tree Maker 2012
FileASSASSIN
FileZilla Client 3.5.2
Free Video Flip and Rotate version 1.8.12.602
Freecorder 6
Freecorder 6 Add-on for Firefox
Freecorder 6 Applications (6.0.0.36)
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google Earth
Google Update Helper
GotoCamera Client
Hama Webcam Metal Pro
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP Odometer
HP Product Detection
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP USB Disk Storage Format Tool
ImageSlicer
ImgBurn
Internet TV for Windows Media Center
iPhoneBrowser
IrfanView (remove only)
Java 7 Update 11
Java Auto Updater
Java 6 Update 24
Juniper Networks, Inc. Setup Client
Junk Mail filter update
LabelPrint
LAME v3.99.3 (for Windows)
Legalsounds Download Manager
LifeScan USB Device Driver vSL2.0 (Driver Removal)
LightScribe System Software
Malwarebytes Anti-Malware version 1.70.0.1100
McGill English Dictionary of Rhyme & Verse Perfect 2.0
Mesh Runtime
Messenger Companion
Meter Drivers for OneTouch® Software
Meter Drivers for OneTouch® Software v1.10.0.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEF to JPG
NeoDownloader 2.6.3 (for GiveawayOfTheDay.com)
Nikon Message Center
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OneTouch Software
OpenSource Flash Video Splitter (remove only)
OpenVPN 2.2.2
Orbit Downloader
Panda ActiveScan 2.0
PDF To Excel Converter V3.0
Photomizer
PhotoNow!
Picture Control Utility
PL-2303 USB-to-Serial
Plus Pack for Acronis True Image Home 2012
Power2Go
PowerDirector
Quick Media Converter
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SimplyGoodPictures
Skype™ 5.10
StreamTransport version: 1.0.2.2171
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
US Planimetric SW
USAPhotoMaps (remove only)
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
WinPcap 4.1.1
WinRAR archiver
WinSCP 4.3.3
Wondershare DVD Slideshow Builder Standard(Build 6.1.1.46)
Yawcam 0.3.7
YTD Video Downloader 3.9.6
#30
Posted 19 January 2013 - 07:58 PM
Hello
:P2P Warning!:
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld
These logs are looking a lot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.
uninstall some programs
NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.
You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)
Programs to remove
- µTorrent
- Freecorder 6
- Freecorder 6 Add-on for Firefox
- Freecorder 6 Applications (6.0.0.36)
- Java 7 Update 11
- Java™ 6 Update 24
- Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on The Program to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run, If prompted again click Yes
- when the built-in uninstaller is finished click on Next.
- Once the program has searched for leftovers click Next.
- Check/tick the bolded items only on the list then click Delete
- when prompted click on Yes and then on next.
- put a check on any folders that are found and select delete
- when prompted select yes then on next
- Once done click Finish.
Clean Out Temp Files
- This small application you may want to keep and use once a week to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/
- Run the installer to install the application.
- When it gives you the option to install Yahoo toolbar uncheck the box next to it.
- Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
- Click Run Cleaner.
- Close CCleaner.
: Malwarebytes' Anti-Malware :
I see you have MBAM installed on the computer - that is great! It is a very good program! I would like you to run a quick scan for me now.
- Double-click mbam icon
- go to the update tab at the top
- click on check for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download HijackThis
- Go Here to download HijackThis program
- Save HijackThis to your desktop.
- Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
- Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
- copy and paste hijackthis report into the topic
"information and logs"
- In your next post I need the following
- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?
Gringo
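The "Add-Remove Programs.txt" report that ComboFix drops in C:\Qoobox (post #28) and the removal list in post #30 can both be reproduced directly from the registry: Add/Remove Programs is built from the Uninstall keys under HKLM and HKCU. The following PowerShell script is an added example written for this page, not a script from the thread or from ComboFix; it lists installed programs the same way and flags the entries the helper asked to remove. The watch list, the function names and the wildcard patterns (e.g. Java*6 Update 24 for the "Java™ 6 Update 24" entry) are this example's own assumptions.

```powershell
# Added example (not from the thread): enumerate installed programs from the
# Uninstall registry keys, the same source Add/Remove Programs displays, and
# flag entries that match the removal list in post #30. Reading these keys does
# not need elevation; run in Windows PowerShell.

function Get-InstalledProgram {
    # Native view, the 32-bit-on-64-bit (WOW6432Node) view, and per-user installs.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |                       # skip keys with no visible name
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayName -Unique
}

function Find-WatchListProgram {
    param(
        [Parameter(Mandatory)] $Installed,
        [Parameter(Mandatory)] [string[]] $WatchList
    )
    # A program is flagged when its DisplayName matches any watch-list pattern
    # (-like is case-insensitive and accepts * wildcards).
    $Installed | Where-Object {
        $name = $_.DisplayName
        $WatchList | Where-Object { $name -like "$_*" }
    }
}

# Watch list assumed from post #30: the P2P client, the Freecorder bundle and the
# outdated Java runtimes. The Java 6 entry is matched with a wildcard because the
# registry name contains "(TM)" rather than the symbol shown on the forum.
$watchList = @(
    'µTorrent',
    'Freecorder 6',
    'Java 7 Update 11',
    'Java*6 Update 24'
)

$installed = Get-InstalledProgram

# Full inventory: this is the same information as C:\Qoobox\Add-Remove Programs.txt.
$installed | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

$flagged = Find-WatchListProgram -Installed $installed -WatchList $watchList
if ($flagged) {
    Write-Host "`nEntries matching the removal list from post #30:" -ForegroundColor Yellow
    # UninstallString is the command Add/Remove Programs itself runs for the entry.
    $flagged | Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
} else {
    Write-Host "`nNo watch-list entries found."
}
```

Comparing this output with the pasted report is a quick way to confirm that a program really is gone after Revo or add/remove has run: an entry that still appears here will still show in the next ComboFix report, and UninstallString tells you which uninstaller the entry is wired to.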