misterno

Everything posted by misterno

  1. PC is working fine, thanks. Now what is your recommendation for a free virus protection program?

     Malwarebytes Anti-Malware (Trial) 1.70.0.1100
     www.malwarebytes.org

     Database version: v2012.12.30.03

     Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     misterno :: MISTERNO-PC [administrator]

     Protection: Disabled

     12/30/2012 5:22:01 PM
     mbam-log-2012-12-30 (17-22-01).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 325416
     Time elapsed: 21 minute(s), 36 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Users\misterno\AppData\Local\Temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

     (end)
  2. I am sorry, I thought running an extra virus removal tool would not hurt our progress. I also ran OTL (OldTimer), but I understand now; I will proceed as you instructed. Also, I just restarted my PC and when it turned on, I was not able to click on any icon or start any programs, including IE, so I restarted in safe mode, just to let you know. I think the virus or trojan is still alive. I will post MBAM shortly.
  3. I just tried to shut down my PC and it said something like a program is running and asked if I want to force shutdown. I checked the taskbar but there is no unusual or unknown program running. I think I still have a trojan in my PC. Please help.
  4. ComboFix 12-12-30.01 - misterno 12/30/2012 12:42:12.3.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5626.3886 [GMT -6:00]
     Running from: c:\users\misterno\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Resident AV is active
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
     .
     .
     2012-12-30 18:51 . 2012-12-30 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-12-30 17:57 . 2012-12-30 17:57 -------- d-----w- C:\FRST
     2012-12-30 16:19 . 2012-12-30 16:19 -------- d-----w- c:\users\misterno\AppData\Local\VS Revo Group
     2012-12-30 15:29 . 2012-12-30 15:29 -------- d-----w- c:\users\misterno\AppData\Roaming\f-secure
     2012-12-30 15:29 . 2012-12-30 15:29 -------- d-----w- c:\programdata\F-Secure
     2012-12-30 15:25 . 2012-12-30 15:25 -------- d-----w- c:\windows\Sun
     2012-12-30 15:24 . 2012-12-30 15:24 -------- d-----w- c:\program files\Common Files\Bitdefender
     2012-12-30 15:23 . 2012-12-30 15:23 -------- d-----w- c:\users\misterno\AppData\Roaming\QuickScan
     2012-12-30 15:17 . 2012-12-30 15:17 -------- d-----w- c:\programdata\Kaspersky Lab
     2012-12-30 14:12 . 2012-12-30 14:12 -------- d-----w- c:\program files (x86)\ESET
     2012-12-30 02:17 . 2012-12-30 02:17 -------- d-----w- c:\windows\ERUNT
     2012-12-30 02:17 . 2012-12-30 02:17 -------- d-----w- C:\JRT
     2012-12-29 23:05 . 2012-12-29 23:05 -------- d-----w- c:\users\misterno\AppData\Roaming\Malwarebytes
     2012-12-29 23:05 . 2012-12-29 23:05 -------- d-----w- c:\programdata\Malwarebytes
     2012-12-29 23:05 . 2012-12-30 02:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-12-29 23:05 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-12-29 02:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\mpengine.dll
     2012-12-21 04:11 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
     2012-12-21 04:11 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-21 04:11 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
     2012-12-21 04:11 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
     2012-12-16 17:07 . 2012-12-16 17:07 -------- d-----w- c:\users\misterno\AppData\Local\Ares
     2012-12-16 15:21 . 2012-12-16 15:21 -------- d-----w- c:\users\misterno\AppData\Roaming\MusicNet
     2012-12-16 15:18 . 2012-12-16 15:18 -------- d-----w- c:\users\misterno\AppData\Local\PackageAware
     2012-12-15 02:18 . 2012-12-15 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-12-15 02:18 . 2012-12-15 02:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2012-12-15 02:17 . 2012-12-15 02:17 -------- d-----w- c:\program files (x86)\Java
     2012-12-12 23:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-12-12 23:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-12-09 19:43 . 2012-12-09 19:42 916456 ----a-w- c:\windows\system32\deployJava1.dll
     2012-12-09 19:43 . 2012-12-09 19:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-12-09 18:58 . 2012-12-15 02:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-12-09 18:58 . 2012-12-15 02:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-12-20 02:34 . 2012-05-05 01:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-12-20 02:34 . 2012-05-05 01:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-12-13 02:50 . 2012-05-08 00:07 67413224 ----a-w- c:\windows\system32\MRT.exe
     2012-11-20 00:46 . 2012-11-20 00:46 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
     2012-11-20 00:42 . 2012-11-20 00:42 53248 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
     2012-10-21 23:26 . 2012-10-21 23:26 40960 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut2_8637FCC51F2244009511B0F022380F4D.exe
     2012-10-21 23:26 . 2012-10-21 23:26 40960 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\NewShortcut1_A35BF946C93442D89CCA96E4AF7A10B3.exe
     2012-10-21 23:26 . 2012-10-21 23:26 53248 ----a-r- c:\users\misterno\AppData\Roaming\Microsoft\Installer\{340D61BB-350A-40F4-8CFD-4F860E12066E}\ARPPRODUCTICON.exe
     2012-10-16 08:38 . 2012-11-27 23:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
     2012-10-16 08:38 . 2012-11-27 23:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
     2012-10-16 07:39 . 2012-11-27 23:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
     2012-10-09 18:17 . 2012-11-15 21:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
     2012-10-09 18:17 . 2012-11-15 21:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
     2012-10-09 17:40 . 2012-11-15 21:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
     2012-10-09 17:40 . 2012-11-15 21:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
     2012-10-04 16:40 . 2012-12-12 23:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-10-03 17:56 . 2012-11-15 21:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-10-03 17:44 . 2012-11-15 21:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
     2012-10-03 17:44 . 2012-11-15 21:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
     2012-10-03 17:44 . 2012-11-15 21:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
     2012-10-03 17:44 . 2012-11-15 21:53 18944 ----a-w- c:\windows\system32\netevent.dll
     2012-10-03 17:44 . 2012-11-15 21:53 216576 ----a-w- c:\windows\system32\ncsi.dll
     2012-10-03 17:42 . 2012-11-15 21:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
     2012-10-03 16:42 . 2012-11-15 21:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
     2012-10-03 16:42 . 2012-11-15 21:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
     2012-10-03 16:42 . 2012-11-15 21:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
     2012-10-03 16:07 . 2012-11-15 21:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 75800]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-05 1255736]
     R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
     R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288]
     R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-19 361984]
     R4 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
     R4 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe [2010-07-08 815704]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
     S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]
     S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 75656]
     S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
     S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
     S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
     S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:34]
     .
     2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 19:16]
     .
     2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 19:16]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = https://www.google.com/
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
     IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
     TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{6e47d688-85ec-465a-9946-ec58220f14fc} - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll
     Toolbar-Locked - (no file)
     Toolbar-{6e47d688-85ec-465a-9946-ec58220f14fc} - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll
     Toolbar-10 - (no file)
     AddRemove-BearShare - c:\programdata\{054EF56A-5AF0-44FB-AF21-2373F624727A}\BearShare_V10_tr_Setup.exe
     AddRemove-bearsharetoolbarguid - c:\progra~2\BEARSH~1\Mediabar\Datamngr\SRTOOL~1\uninstall.exe
     AddRemove-{5F624839-947D-46EA-BD63-FD847C1AC6F1} - c:\programdata\{054EF56A-5AF0-44FB-AF21-2373F624727A}\BearShare_V10_tr_Setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-12-30 13:03:56
     ComboFix-quarantined-files.txt 2012-12-30 19:03
     ComboFix2.txt 2012-12-30 15:50
     ComboFix3.txt 2012-12-29 14:30
     .
     Pre-Run: 217,050,972,160 bytes free
     Post-Run: 216,930,217,984 bytes free
     .
     - - End Of File - - A238A68919A6FB168DD64A98FCAF1D6D
  5. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
     Ran by misterno at 30-12-2012 11:57:22
     Running from E:\
     Service Pack 1 (X64) OS Language: English(US)
     Attention: Could not load system hive.
     ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

     ==================== One Month Created Files and Folders ========

     2012-12-30 11:57 - 2012-12-30 11:57 - 00000000 ____D C:\FRST
     2012-12-30 10:19 - 2012-12-30 10:19 - 00000000 ____D C:\Users\misterno\AppData\Local\VS Revo Group
     2012-12-30 10:18 - 2012-12-30 10:18 - 00000160 ____A C:\Users\misterno\Desktop\BearShare kurulumuna devam et.url
     2012-12-30 09:50 - 2012-12-30 09:50 - 00017981 ____A C:\ComboFix.txt
     2012-12-30 09:44 - 2012-12-30 09:44 - 05015826 ____R (Swearware) C:\Users\misterno\Desktop\ComboFix.exe
     2012-12-30 09:29 - 2012-12-30 09:29 - 00001812 ____A C:\Users\misterno\Desktop\readme.txt
     2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\misterno\AppData\Roaming\f-secure
     2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\All Users\F-Secure
     2012-12-30 09:25 - 2012-12-30 09:25 - 00000000 ____D C:\Windows\Sun
     2012-12-30 09:24 - 2012-12-30 09:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
     2012-12-30 09:23 - 2012-12-30 09:23 - 00000000 ____D C:\Users\misterno\AppData\Roaming\QuickScan
     2012-12-30 09:17 - 2012-12-30 09:17 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
     2012-12-30 09:14 - 2012-12-30 09:17 - 150247520 ____A C:\Users\misterno\Desktop\setup_11.0.0.1245.x01_2012_12_30_17_19.exe
     2012-12-30 09:10 - 2012-12-30 09:10 - 00856731 ____A C:\Users\misterno\Desktop\SecurityCheck.exe
     2012-12-30 09:04 - 2012-12-30 09:04 - 00002120 ____A C:\scu.dat
     2012-12-30 08:12 - 2012-12-30 08:12 - 00000000 ____D C:\Program Files (x86)\ESET
     2012-12-29 20:20 - 2012-12-29 20:23 - 00006275 ____A C:\Users\misterno\Desktop\JRT.txt
     2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\Windows\ERUNT
     2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\JRT
     2012-12-29 20:16 - 2012-12-29 20:16 - 00497009 ____A (Oleg N. Scherbakov) C:\Users\misterno\Desktop\JRT.exe
     2012-12-29 20:07 - 2012-12-29 20:08 - 82376496 ____A (Sophos Limited) C:\Users\misterno\Desktop\Sophos Virus Removal Tool.exe
     2012-12-29 19:23 - 2012-12-29 19:23 - 00464491 ____A C:\Users\misterno\Desktop\RootRepeal.zip
     2012-12-29 19:22 - 2012-12-29 19:22 - 00472064 ____A ( ) C:\Users\misterno\Desktop\RootRepeal.exe
     2012-12-29 17:05 - 2012-12-29 20:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-12-29 17:05 - 2012-12-29 20:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\misterno\AppData\Roaming\Malwarebytes
     2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
     2012-12-29 17:05 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-12-29 09:06 - 2012-12-29 09:06 - 00302592 ____A C:\Users\misterno\Desktop\tlqbye81.exe
     2012-12-29 09:00 - 2012-12-29 09:00 - 00015541 ____A C:\Users\misterno\Desktop\dds.txt
     2012-12-29 09:00 - 2012-12-29 09:00 - 00009478 ____A C:\Users\misterno\Desktop\attach.txt
     2012-12-29 08:59 - 2012-12-29 08:59 - 00688992 ____R (Swearware) C:\Users\misterno\Desktop\dds.scr
     2012-12-29 08:52 - 2012-12-29 08:53 - 04732416 ____A (AVAST Software) C:\Users\misterno\Desktop\aswMBR.exe
     2012-12-29 08:49 - 2012-12-29 08:49 - 00062978 ____A C:\Users\misterno\Desktop\Extras.Txt
     2012-12-29 08:48 - 2012-12-29 08:48 - 00096096 ____A C:\Users\misterno\Desktop\OTL.Txt
     2012-12-29 08:41 - 2012-12-29 08:41 - 00602112 ____A (OldTimer Tools) C:\Users\misterno\Desktop\OTL.exe
     2012-12-29 08:30 - 2012-12-29 08:10 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\misterno\Desktop\tdsskiller.exe
     2012-12-29 08:00 - 2012-12-30 09:50 - 00000000 ____D C:\Qoobox
     2012-12-29 08:00 - 2012-12-29 08:26 - 00000000 ____D C:\Windows\erdnt
     2012-12-29 08:00 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe
     2012-12-29 08:00 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe
     2012-12-29 08:00 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
     2012-12-29 08:00 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
     2012-12-29 08:00 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
     2012-12-29 08:00 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
     2012-12-29 08:00 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
     2012-12-29 08:00 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe
     2012-12-29 07:58 - 2012-12-29 07:58 - 00009055 ____A C:\Users\misterno\Desktop\hijackthis.log
     2012-12-29 07:57 - 2012-12-02 14:44 - 00781383 ____A C:\Users\misterno\Desktop\RSIT.exe
     2012-12-29 07:57 - 2012-12-01 08:23 - 00388608 ____A (Trend Micro Inc.) C:\Users\misterno\Desktop\HijackThis.exe
     2012-12-20 22:11 - 2012-12-16 11:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
     2012-12-20 22:11 - 2012-12-16 08:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
     2012-12-20 22:11 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
     2012-12-20 22:11 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
     2012-12-16 11:07 - 2012-12-16 11:07 - 00000000 ____D C:\Users\misterno\AppData\Local\Ares
     2012-12-16 09:21 - 2012-12-16 09:21 - 00000000 ____D C:\Users\misterno\AppData\Roaming\MusicNet
     2012-12-16 09:18 - 2012-12-16 09:18 - 00000000 ____D C:\Users\misterno\AppData\Local\PackageAware
     2012-12-14 20:18 - 2012-12-14 20:18 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
     2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
     2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
     2012-12-14 20:18 - 2012-12-14 20:18 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
     2012-12-14 20:17 - 2012-12-14 20:17 - 00000000 ____D C:\Program Files (x86)\Java
     2012-12-12 20:48 - 2012-11-14 01:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-12-12 20:48 - 2012-11-14 00:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-12-12 20:48 - 2012-11-14 00:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2012-12-12 20:48 - 2012-11-14 00:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-12-12 20:48 - 2012-11-14 00:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-12-12 20:48 - 2012-11-14 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2012-12-12 20:48 - 2012-11-14 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-12-12 20:48 - 2012-11-13 23:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-12-12 20:48 - 2012-11-13 23:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2012-12-12 20:48 - 2012-11-13 23:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
     2012-12-12 20:48 - 2012-11-13 23:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2012-12-12 20:48 - 2012-11-13 23:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-12-12 20:48 - 2012-11-13 23:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2012-12-12 20:48 - 2012-11-13 23:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-12-12 20:48 - 2012-11-13 23:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2012-12-12 20:48 - 2012-11-13 23:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-12-12 20:48 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2012-12-12 20:48 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2012-12-12 20:48 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2012-12-12 20:48 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2012-12-12 20:48 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2012-12-12 20:48 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2012-12-12 20:48 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
     2012-12-12 20:48 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2012-12-12 20:48 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2012-12-12 20:48 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2012-12-12 20:48 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2012-12-12 20:48 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2012-12-12 20:48 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2012-12-12 20:48 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
     2012-12-12 20:48 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2012-12-12 20:48 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2012-12-12 17:37 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
     2012-12-12 17:37 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
     2012-12-12 17:36 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2012-12-12 17:36 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
     2012-12-12 17:36 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
     2012-12-12 17:36 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
     2012-12-12 17:36 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
     2012-12-12 17:36 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
     2012-12-12 17:36 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
     2012-12-12 17:36 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
     2012-12-12 17:36 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
     2012-12-12 17:36 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
     2012-12-12 17:36 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
     2012-12-12 17:36 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
     2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation)
C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-12-12 17:36 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-12-12 17:36 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-12-12 17:36 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-12-12 17:36 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-12-12 17:36 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-12-12 17:36 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-12-12 17:36 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-12-12 17:36 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-12 17:36 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-12-12 17:36 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-12-09 13:43 - 2012-12-09 13:42 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-12-09 13:43 - 2012-12-09 13:42 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-12-09 13:08 - 2012-12-09 13:08 - 00000000 ____D C:\Users\misterno\Documents\LimeWire 2012-12-09 12:58 - 2012-12-14 20:18 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-12-09 12:58 - 2012-12-14 20:18 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-12-09 12:58 - 2012-12-09 12:58 - 00000000 ____D C:\Users\All Users\Sun ==================== One Month Modified Files and Folders ======= 2012-12-30 11:57 - 2012-12-30 11:57 - 00000000 ____D C:\FRST 
2012-12-30 11:54 - 2012-02-15 13:16 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-12-30 11:53 - 2012-11-10 05:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-12-30 11:53 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-12-30 11:53 - 2009-07-13 22:51 - 00072489 ____A C:\Windows\setupact.log 2012-12-30 11:34 - 2009-07-13 23:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI 2012-12-30 11:25 - 2010-11-20 21:47 - 00031608 ____A C:\Windows\PFRO.log 2012-12-30 10:19 - 2012-12-30 10:19 - 00000000 ____D C:\Users\misterno\AppData\Local\VS Revo Group 2012-12-30 10:18 - 2012-12-30 10:18 - 00000160 ____A C:\Users\misterno\Desktop\BearShare kurulumuna devam et.url 2012-12-30 09:50 - 2012-12-30 09:50 - 00017981 ____A C:\ComboFix.txt 2012-12-30 09:50 - 2012-12-29 08:00 - 00000000 ____D C:\Qoobox 2012-12-30 09:49 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini 2012-12-30 09:44 - 2012-12-30 09:44 - 05015826 ____R (Swearware) C:\Users\misterno\Desktop\ComboFix.exe 2012-12-30 09:29 - 2012-12-30 09:29 - 00001812 ____A C:\Users\misterno\Desktop\readme.txt 2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\misterno\AppData\Roaming\f-secure 2012-12-30 09:29 - 2012-12-30 09:29 - 00000000 ____D C:\Users\All Users\F-Secure 2012-12-30 09:25 - 2012-12-30 09:25 - 00000000 ____D C:\Windows\Sun 2012-12-30 09:24 - 2012-12-30 09:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender 2012-12-30 09:23 - 2012-12-30 09:23 - 00000000 ____D C:\Users\misterno\AppData\Roaming\QuickScan 2012-12-30 09:17 - 2012-12-30 09:17 - 00000000 ____D C:\Users\All Users\Kaspersky Lab 2012-12-30 09:17 - 2012-12-30 09:14 - 150247520 ____A C:\Users\misterno\Desktop\setup_11.0.0.1245.x01_2012_12_30_17_19.exe 2012-12-30 09:10 - 2012-12-30 09:10 - 00856731 ____A C:\Users\misterno\Desktop\SecurityCheck.exe 2012-12-30 09:04 - 2012-12-30 09:04 - 00002120 ____A C:\scu.dat 2012-12-30 08:12 - 2012-12-30 08:12 - 00000000 ____D 
C:\Program Files (x86)\ESET 2012-12-29 22:44 - 2012-02-15 12:26 - 02059736 ____A C:\Windows\WindowsUpdate.log 2012-12-29 22:43 - 2012-08-28 19:20 - 00000000 ____D C:\Users\misterno\AppData\Roaming\vlc 2012-12-29 22:11 - 2012-02-15 13:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-12-29 20:39 - 2009-07-13 22:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-12-29 20:39 - 2009-07-13 22:45 - 00020480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-12-29 20:25 - 2012-12-29 17:05 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-12-29 20:25 - 2012-12-29 17:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-29 20:23 - 2012-12-29 20:20 - 00006275 ____A C:\Users\misterno\Desktop\JRT.txt 2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\Windows\ERUNT 2012-12-29 20:17 - 2012-12-29 20:17 - 00000000 ____D C:\JRT 2012-12-29 20:16 - 2012-12-29 20:16 - 00497009 ____A (Oleg N. 
Scherbakov) C:\Users\misterno\Desktop\JRT.exe 2012-12-29 20:08 - 2012-12-29 20:07 - 82376496 ____A (Sophos Limited) C:\Users\misterno\Desktop\Sophos Virus Removal Tool.exe 2012-12-29 19:23 - 2012-12-29 19:23 - 00464491 ____A C:\Users\misterno\Desktop\RootRepeal.zip 2012-12-29 19:22 - 2012-12-29 19:22 - 00472064 ____A ( ) C:\Users\misterno\Desktop\RootRepeal.exe 2012-12-29 17:25 - 2012-08-09 16:43 - 00000000 ____D C:\QUARANTINE 2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\misterno\AppData\Roaming\Malwarebytes 2012-12-29 17:05 - 2012-12-29 17:05 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-12-29 09:06 - 2012-12-29 09:06 - 00302592 ____A C:\Users\misterno\Desktop\tlqbye81.exe 2012-12-29 09:00 - 2012-12-29 09:00 - 00015541 ____A C:\Users\misterno\Desktop\dds.txt 2012-12-29 09:00 - 2012-12-29 09:00 - 00009478 ____A C:\Users\misterno\Desktop\attach.txt 2012-12-29 08:59 - 2012-12-29 08:59 - 00688992 ____R (Swearware) C:\Users\misterno\Desktop\dds.scr 2012-12-29 08:53 - 2012-12-29 08:52 - 04732416 ____A (AVAST Software) C:\Users\misterno\Desktop\aswMBR.exe 2012-12-29 08:49 - 2012-12-29 08:49 - 00062978 ____A C:\Users\misterno\Desktop\Extras.Txt 2012-12-29 08:48 - 2012-12-29 08:48 - 00096096 ____A C:\Users\misterno\Desktop\OTL.Txt 2012-12-29 08:41 - 2012-12-29 08:41 - 00602112 ____A (OldTimer Tools) C:\Users\misterno\Desktop\OTL.exe 2012-12-29 08:30 - 2009-07-13 21:20 - 00000000 __AHD C:\users\Default 2012-12-29 08:26 - 2012-12-29 08:00 - 00000000 ____D C:\Windows\erdnt 2012-12-29 08:15 - 2012-05-03 20:53 - 00000000 ____D C:\users\misterno 2012-12-29 08:10 - 2012-12-29 08:30 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\misterno\Desktop\tdsskiller.exe 2012-12-29 07:58 - 2012-12-29 07:58 - 00009055 ____A C:\Users\misterno\Desktop\hijackthis.log 2012-12-29 07:58 - 2012-05-03 20:54 - 00000000 ____D C:\Users\misterno\AppData\Local\VirtualStore 2012-12-25 21:14 - 2012-06-01 18:56 - 00000000 ____D C:\Users\misterno\Desktop\My files 2012-12-24 11:30 - 
2012-06-16 15:55 - 00000000 ____D C:\Users\misterno\Desktop\Movies 2012-12-23 14:16 - 2009-07-13 23:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-12-21 14:52 - 2009-07-13 22:45 - 00431432 ____A C:\Windows\System32\FNTCACHE.DAT 2012-12-19 20:34 - 2012-05-05 11:39 - 00000000 ____D C:\Users\All Users\Adobe 2012-12-19 20:34 - 2012-05-04 19:30 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-12-19 20:34 - 2012-05-04 19:30 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-12-16 11:11 - 2012-12-20 22:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 11:07 - 2012-12-16 11:07 - 00000000 ____D C:\Users\misterno\AppData\Local\Ares 2012-12-16 09:21 - 2012-12-16 09:21 - 00000000 ____D C:\Users\misterno\AppData\Roaming\MusicNet 2012-12-16 09:18 - 2012-12-16 09:18 - 00000000 ____D C:\Users\misterno\AppData\Local\PackageAware 2012-12-16 08:45 - 2012-12-20 22:11 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 08:13 - 2012-12-20 22:11 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 08:13 - 2012-12-20 22:11 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-14 20:18 - 2012-12-14 20:18 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-12-14 20:18 - 2012-12-14 20:18 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-12-14 20:18 - 2012-12-14 20:18 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-12-14 20:18 - 2012-12-09 12:58 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-12-14 20:18 - 2012-12-09 12:58 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-12-14 20:17 - 2012-12-14 20:17 - 00000000 ____D C:\Program Files 
(x86)\Java 2012-12-14 16:49 - 2012-12-29 17:05 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-12 20:50 - 2012-06-17 08:13 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-12-12 20:50 - 2012-05-07 18:07 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-12-09 13:42 - 2012-12-09 13:43 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-12-09 13:42 - 2012-12-09 13:43 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-12-09 13:08 - 2012-12-09 13:08 - 00000000 ____D C:\Users\misterno\Documents\LimeWire 2012-12-09 12:58 - 2012-12-09 12:58 - 00000000 ____D C:\Users\All Users\Sun 2012-12-09 12:57 - 2012-02-15 13:08 - 00000000 ____D C:\Users\All Users\McAfee 2012-12-02 14:44 - 2012-12-29 07:57 - 00781383 ____A C:\Users\misterno\Desktop\RSIT.exe 2012-12-01 08:23 - 2012-12-29 07:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\misterno\Desktop\HijackThis.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2012-12-09 12:58:03 Restore point made on: 2012-12-09 13:20:42 Restore point made on: 2012-12-09 13:26:36 Restore point made on: 2012-12-09 13:42:40 Restore point made on: 2012-12-09 13:59:27 Restore point made on: 2012-12-09 14:00:20 
Restore point made on: 2012-12-12 17:30:23 Restore point made on: 2012-12-12 20:47:08 Restore point made on: 2012-12-14 20:02:55 Restore point made on: 2012-12-14 20:04:06 Restore point made on: 2012-12-14 20:07:32 Restore point made on: 2012-12-14 20:17:52 Restore point made on: 2012-12-18 20:01:37 Restore point made on: 2012-12-20 22:11:17 Restore point made on: 2012-12-25 07:16:12 Restore point made on: 2012-12-28 20:02:24 ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 5626 MB Available physical RAM: 3733.63 MB Total Pagefile: 11250.18 MB Available Pagefile: 9442.94 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:440.59 GB) (Free:202.17 GB) NTFS 3 Drive e: (OFFICE 2007) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 1906 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 440 GB 101 MB Partition 3 OEM 25 GB 440 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components) ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 440 GB Healthy Boot ========================================================= Disk: 0 Partition 3 Type : 12 Hidden: Yes Active: No There is no volume 
associated with this partition. ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1905 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E OFFICE 2007 FAT Removable 1905 MB Healthy ========================================================= Last Boot: 2011-02-12 13:34 ==================== End Of Log =============================
  6. When I selected the "Repair Your Computer" option, it asked for a Windows CD, which I do not have. I think I have to select an option where the PC reads from the flash drive, not the CD, correct?
  7. Here is my MBAM log Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.29.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 misterno :: MISTERNO-PC [administrator] Protection: Enabled 12/29/2012 5:08:19 PM mbam-log-2012-12-29 (17-08-19).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 325368 Time elapsed: 57 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 22 HKCR\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully. HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully. 
Files Detected: 5 C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully. C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully. C:\Users\misterno\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Users\misterno\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully. (end) Here is my DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by misterno at 8:59:55 on 2012-12-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5626.3794 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\windows\system32\mfevtps.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\McAfee\VirusScan 
Enterprise\x64\McShield.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\windows\System32\WUDFHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\DllHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxps://www.google.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\BrowserConnection.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - TB: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\DATAMN~1.EXE uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 
mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} - file:///D:/setup.exe DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1 TCP: Interfaces\{B818B4F5-B9B0-4867-A480-48B6160A58B2} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll AppInit_DLLs= C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\Mediabar\Datamngr\IEBHO.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 
x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-7-5 465792] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-9-29 17920] R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2008-3-14 103744] R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-9-29 175072] R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-9-29 62800] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-7-5 75656] R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2012-2-15 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-9-4 231440] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2012-9-18 15160] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-7-5 118688] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-15 247400] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-15 533096] S3 mferkdet;McAfee Inc. 
mferkdet;C:\windows\System32\drivers\mferkdet.sys [2012-7-5 75800] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-5 1255736] S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-9-4 204288] S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-18 361984] S4 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2012-2-15 32768] S4 tvnserver;TightVNC Server;C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [2010-7-8 815704] . =============== Created Last 30 ================ . 
2012-12-29 14:33:37 -------- d-sh--w- C:\$RECYCLE.BIN 2012-12-29 14:09:11 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\offreg.dll 2012-12-29 14:00:42 208896 ----a-w- C:\windows\MBR.exe 2012-12-29 14:00:40 256000 ----a-w- C:\windows\PEV.exe 2012-12-29 14:00:39 98816 ----a-w- C:\windows\sed.exe 2012-12-29 02:02:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F45FCA7C-BFC8-47D9-AED3-2564E5BF7E8A}\mpengine.dll 2012-12-21 04:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-21 04:11:22 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-21 04:11:22 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-21 04:11:22 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-16 17:07:35 -------- d-----w- C:\Users\misterno\AppData\Local\Ares 2012-12-16 15:21:11 -------- d-----w- C:\ProgramData\boost_interprocess 2012-12-16 15:21:03 -------- d-----w- C:\Users\misterno\AppData\Roaming\MusicNet 2012-12-16 15:20:55 -------- d-----w- C:\Users\misterno\AppData\Local\BearShare 2012-12-16 15:19:29 -------- d-----w- C:\ProgramData\BearShare 2012-12-16 15:19:29 -------- d-----w- C:\Program Files (x86)\BearShare Applications 2012-12-16 15:19:10 -------- dc-h--w- C:\ProgramData\{054EF56A-5AF0-44FB-AF21-2373F624727A} 2012-12-16 15:18:51 -------- d-----w- C:\Users\misterno\AppData\Local\PackageAware 2012-12-15 02:18:18 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-12 23:37:15 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-12-12 23:37:15 2048 ----a-w- C:\windows\System32\tzres.dll 2012-12-09 19:43:19 916456 ----a-w- C:\windows\System32\deployJava1.dll 2012-12-09 19:43:19 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll 2012-12-09 18:58:39 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-12-09 18:58:38 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 
2012-12-20 02:34:46 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-20 02:34:46 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-20 00:46:01 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 9:00:15.28 ===============

Here is my Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2012 9:53:41 PM
System Uptime: 12/29/2012 7:56:11 AM (2 hours ago)
.
Motherboard: LENOVO | |
Processor: AMD A6-3600 APU with Radeon HD Graphics | P0 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 203.513 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 12/9/2012 12:57:51 PM - Installed Java 7 Update 9
RP84: 12/9/2012 1:20:36 PM - Removed Java 7 Update 9
RP85: 12/9/2012 1:26:30 PM - Removed Java 7 Update 9
RP86: 12/9/2012 1:42:34 PM - Installed Java 7 Update 9 (64-bit)
RP87: 12/9/2012 1:59:15 PM - Removed Java 7 Update 9 (64-bit)
RP88: 12/9/2012 2:00:13 PM - Installed Java 6 Update 37 (64-bit)
RP89: 12/12/2012 5:30:08 PM - Windows Update
RP90: 12/12/2012 8:46:59 PM - Windows Update
RP91: 12/14/2012 8:02:42 PM - Removed Java 6 Update 37 (64-bit)
RP92: 12/14/2012 8:04:00 PM - Installed Java 6 Update 37 (64-bit)
RP93: 12/14/2012 8:07:26 PM - Removed Java 6 Update 37 (64-bit)
RP94: 12/14/2012 8:17:45 PM - Installed Java 7 Update 9
RP95: 12/18/2012 8:01:21 PM - Windows Update
RP96: 12/20/2012 10:11:09 PM - Windows Update
RP97: 12/25/2012 7:15:42 AM - Windows Update
RP98: 12/28/2012 8:02:09 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
BearShare
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
eReg
Google Chrome
Google Update Helper
Java 7 Update 9
Java Auto Updater
Lenovo Blacksilk USB Keyboard Driver
Lenovo Driver and Application Installation
Lenovo Power2Go
Lenovo Rescue System
Logitech SetPoint 6.51
LVT
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
MSVCRT
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SSA Benefit Calculator
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
Windows Driver Package - Advanced Micro Devices, Inc System (04/15/2010 5.12.0.13)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/29/2012 8:19:00 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/29/2012 8:15:02 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/29/2012 7:39:56 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023781
12/25/2012 9:20:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user misterno-PC\misterno SID (S-1-5-21-1731095417-3852314170-1902563222-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/24/2012 9:46:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
12/24/2012 9:46:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
  8. My screen turned black after running the Malwarebytes program. I am suspecting a trojan in my PC, so that is why I ran Malwarebytes. It asked me to restart the PC after running it and I let the system remove many files. So I restarted the PC and the screen was black. I can see the mouse cursor but nothing else. Now I am typing this in safe mode. Here is the MB log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
misterno :: MISTERNO-PC [administrator]

Protection: Enabled

12/29/2012 5:08:19 PM
mbam-log-2012-12-29 (17-08-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325368
Time elapsed: 57 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKCR\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\misterno\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\misterno\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)
  9. When I log in to Google it keeps redirecting me to other sites, so I ran HijackThis and got this log. Can someone tell me what to do? Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:54 AM, on 12/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\emel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)