DeeMee

Honorary Members
  • Posts: 24

Everything posted by DeeMee

  1. Very Cool Link and well organized website. I will pass it along to any newbies that want to know how to be safe on the web. Thanks a lot for all your help. :)
  2. Thanks a lot for your help. I learn a lot from working with you guys. I hope to donate something in the future and will certainly consider becoming a paying customer. However, most of the people that I work with are underprivileged, therefore it is difficult to justify the cost. It is getting to the point that I may have to, or consider a Linux distro. I will make a decision before the fall on which path we will follow. Best regards,
  3. Thanks, I will give it a try although I am aware of most of the tools listed by the link. Do you think that the unit is clean?
  4. Ok, let's try this again, because I do not wake up before 10:00 am. There is a typo in the last sentence. It should have been written: "However, XP loads slower than 7, therefore as long as you do not think that it is a malware related issue, her unit is running great."
  5. There is a typo; the last sentence should read: "However, XP loads slower than 7, therefore as long as you do not think that it is not a malware related issue then this will be fine."
  6. It is working fine. I have run additional online scans and have not picked up anything. It does take a little time to load after logging in, approximately 4-5 minutes on completion, but once it loads it runs fine. I can use it before that--towards the back end--but it is more stable if I wait until it completes loading and before I click on say, IE. Unfortunately, I can't gauge loading since I upgraded the RAM substantially and didn't find out about the Trojan until after upgrading. However, XP loads lower than 7, therefore as long as you do not think that it is not a malware related issue then this will be fine.
  7. There was no Detected Threads report. Scan was clean. Automatic Scan: completed 7 minutes ago (events: 156246, objects: 156851, time: 01:37:05) 7/26/2012 6:40:00 PM Task completed. Scan was 17 MB. I could not attach and upload. If you like I can cut and paste the whole thing.
  8. Here you go:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=cc160596c40aed4c8c5cd4898bf2a11a
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-26 01:32:19
     # local_time=2012-07-26 08:32:19 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 2119597 2119597 0 0
     # compatibility_mode=3073 16777213 80 71 2146087 18796316 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=37604
     # found=0
     # cleaned=0
     # scan_time=2262
  9. Hello, I received an alert from Superantispyware that there was a keygen.exe that needed to be deleted from my machine. This was received after I ran Malwarebytes. My mother has had this machine approximately two weeks. We bought it as an extra machine for others in the residence. The nonprofit that sold the computer to us assured us that the unit had been reformatted and loaded with a copy of WinXP Pro. I rather doubt that since I've found too many other things on the computer like copies of IObit etc. In any case your help in making sure that this unit is clean would be greatly appreciated. Here is a Malwarebytes scan and a DDS scan:
  10. Thanks a lot Chris. I appreciate all your help and others who donate their time here. Best of luck with school.
  11. Hi, TFC run, completed & system restarted. Combofix uninstalled, Security Check deleted and system rebooted. Firefox upgraded, although I already had it set to automatically upgrade, it had not upgraded since 11.X. That's a little strange...I think. System runs fine with no apparent issues.
  12. Thanks. I will be over my mother's house until tomorrow 7:00 CST. Here is the information that you requested: Ran TFC. I was unable to find the file for ESET. It was not at the file path that was displayed by your directions and others' directions on the web. I ran it twice, searched for it via Windows search and there is no such file. In addition I thought that possibly it was hidden. No luck. Would I have to turn off both my firewall and Avast in order to receive such a file? In any case, it completed and was clean. Here is a copy of security check:

      Results of screen317's Security Check version 0.99.43
      Windows 7 Service Pack 1 x86 (UAC is enabled)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
      avast! Antivirus
      Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      WinPatrol
      MVPS Hosts File
      SpywareBlaster 4.6
      Spybot - Search & Destroy
      SUPERAntiSpyware
      Malwarebytes Anti-Malware version 1.62.0.1300
      CCleaner
      Java™ 7 Update 5
      Adobe Flash Player 11.3.300.265
      Mozilla Firefox 11.0 Firefox out of Date!
      Google Chrome 20.0.1132.47
      Google Chrome 20.0.1132.57
      ````````Process Check: objlist.exe by Laurent````````
      WinPatrol winpatrol.exe
      Spybot Teatimer.exe is disabled!
      Comodo Firewall cmdagent.exe
      Comodo Firewall cfp.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast AvastUI.exe
      BillP Studios WinPatrol WinPatrol.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 3%
      ````````````````````End of Log``````````````````````

      That's interesting. I did not install MVPS Host file. Thanks. PIC OF ESEST SCAN.rtf
  13. Well said. I thought I was the only one with this issue. However, I use Filehippo for most of my downloading and would recommend it to others as well.
  14. Yeah maybe bumping does that but you should have contacted me via PM regarding this. I PMed you and didn't get a response. I told you that my mother lived quite a distance away. If you have more clients than you can handle, then let's get someone that can handle your overload. I will not be going over my mother's house until Wednesday at the earliest. Therefore, we will be moving towards two weeks into cleaning a system that may have only taken a week. Sure we are happy and thankful that you guys are there for us but you could have told me the deal instead of me waiting and spending the night over my mother's house for two days hoping for a response from you for the next step. Since you haven't followed my requests, I will need to have someone that may. If that means that I may not be able to use the forum then so be it. All you had to do was to tell me you had a backlog. That's it. I was more than considerate explaining the total situation to you. My mother uses this computer for work. She has a right to be frustrated if I do not have a clue as to the time it will take for resolution because the person who is supposed to be helping me can't even send me a PM or post it on the site. BTW, my internet is down. I'm using a hotspot to send this. Therefore, my access will be spotty at best this week.
  15. Any way to delete certain information from these scans that may be sensitive? BTW, my nephew reported to me that they got a telephone call from these same people. How creepy is that?
  16. Thanks for your patience. Here are both logs. I will be here until late today.
  17. I will not be able to respond until tomorrow. I don't live with my mother. I will be over there tomorrow and will spend as much time as necessary to complete the process.
  18. Had to turn off Avast in order for DDS to run.
  19. As requested Malwarebytes:
  20. Windows 7 Pro SP1 64-bit OEM Copy
      Ram: 2.00 GB 32 bit

      Ran Malwarebytes. Scan included. Deleted all PUPs listed.

      Ran Avast after running Malwarebytes. Had many locked files, mostly from Flash. However, no alerts regarding viruses or PUPs.

      Deleted PC OPTIMIZER with Revo Installer, restarted system. PC Optimizer has not reloaded with one start. All toolbars that were listed in Revo Installer are now gone.

      Both Java and Flash were current before the hack. They are set to automatically download and install. Except you can't set Java to automatically install. At least I haven't found a way to do so. Windows updates is current with all security updates. It is set to automatically download and install.

      Attempted to change homepage many times. Winpatrol caught the change but it repeatedly continued to change the homepage. Attempted to add toolbars. One was a recipe tool bar. I don't remember the name of the other toolbar. At this time none of the previous negative occurrences are present.

      Ran Superantispyware and it found Trojan-Agent/Gen-Patchload. However, machine is operating fine. http://www.ehow.com/how_5076859_remove-win-trojangen.html I removed it via Super. Have not turned off system restore yet.

      OK, what is important is to try to figure out how this stuff got on my mother's machine.

      We are running the following programs live:
      • Avast Free (Updated to latest version today)
      • WinPatrol
      • Comodo Free Firewall

      We also run the following on demand programs:
      • Superantispyware--although it loads as if it is live
      • Malwarebytes
      • Spybot
      • SpywareBlaster

      I usually run the on demand programs once or every other week.

      The issue is making sure--as much as we can, I know that there is not a guarantee--that the software is off of the system and figure out whether there are any vulnerabilities that would allow it to reinfect.

      There are six accounts on this computer. One admin account.
One is used for a guest account--renamed--and the rest are limited user accounts or rather standard user accounts. I have now required everyone that uses this computer to have a password. How did it get past Avast? Not only that even when it was absolutely clear that, at least, I had PUPs on my machine it did not awknowledge them. ============================================ MALWAREBYTES SCAN: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.10.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Pauline B Wilis :: PBW [administrator] 7/10/2012 1:47:19 PM mbam-log-2012-07-10 (15-02-57).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 421054 Time elapsed: 1 hour(s), 6 minute(s), 3 second(s) Memory Processes Detected: 2 C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.MyWebSearch) -> 5508 -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.MyWebSearch) -> 5920 -> No action taken. Memory Modules Detected: 3 C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll (PUP.MyWebSearch) -> No action taken. Registry Keys Detected: 79 HKLM\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalRecipeSearch_14bar Uninstall (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.MyWebSearch) -> No action taken. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{8c4b563e-52a1-4a10-b700-f8bf1cd7b726} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.MultipleButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.MultipleButton (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{9e5c950c-93f2-46b4-a47e-8450fff4d841} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{398035f8-0621-4534-aef6-b5592a68f6d8} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{9A74121D-E910-4C66-8CBC-2A342BD03EB5} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{b5ede79d-b004-47dd-93f9-152b0d145914} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{bcf02409-9333-44e7-96e8-01890ea9d58e} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{4FFED4E7-CF5A-467C-965C-0E425314E0CF} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{d0dabaca-3c45-4ee9-b0da-533cad1985b0} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.DynamicBarButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.DynamicBarButton (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{e1f82c34-7195-49a8-9c9b-47c064c22132} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{b7b60f9d-f1e4-4694-9a40-1538ea07a795} (PUP.MyWebSearch) -> No action taken. 
HKCR\Interface\{C76ED8C1-24E5-43A8-807F-448264610140} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.FeedManager.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.FeedManager (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{b38fbaed-ded1-4ba6-ba2e-f2515fd49442} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{ffed91ad-6369-48f5-b351-2a42d09cb27c} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{6A6B3763-2264-4710-B165-26DB0B35920C} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.HTMLPanel (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.HTMLMenu (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4503EC3-1111-4B62-8F46-0D88508F8A7B} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{895f3dbd-2484-4a14-a0ea-c3252ebb0ff7} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{529b4045-715c-46e7-bc81-81e3aaec9060} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{23A73CDC-711C-4D7E-AECC-D9AECFA152AA} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{96b8a0ef-0d9d-4a92-b548-376db4bbb58b} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{ee201ae6-533c-4947-97ea-12627d4854a0} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{4A80A60D-BDEF-4D70-BCCC-D0DAD25FF951} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.XMLSessionPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.XMLSessionPlugin (PUP.MyWebSearch) -> No action taken. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{396a4e14-83e7-4941-b0d9-b598e1b97197} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{829e44ed-cb4f-4ccc-990f-428fbd0b128a} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{D70D51A6-C90C-4BF4-9C91-DC0B943754DE} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.RadioSettings.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.RadioSettings (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{a9c524bf-4044-402a-aa00-8c3b3da86125} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.ScriptButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.ScriptButton (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{03f3147c-cea6-4aae-b0ae-8d8abe7a8080} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{06a16622-19d9-47e8-9fec-6ca8cf275bd7} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{81C8B625-F505-4E26-84F9-207AF4240B00} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{2502086b-5a46-4d05-8d5b-a1e77ab8bb32} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{cc748b11-e10d-4c87-9a24-93e429fdd1fd} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{2D465563-7CA8-45EC-83F2-6F5C293762F3} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{f7921d9c-168a-40ee-a4a9-42dd202b0bb4} (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken. 
HKCR\TotalRecipeSearch_14.UrlAlertButton (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.Radio (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.Radio.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SettingsPlugin (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SkinLauncher (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SkinLauncher.1 (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SkinLauncherSettings (PUP.MyWebSearch) -> No action taken. HKCR\TotalRecipeSearch_14.SkinLauncherSettings.1 (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\TotalRecipeSearch_14 (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin (PUP.MyWebSearch) -> No action taken. Registry Values Detected: 7 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Data: -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.MyWebSearch) -> Data: -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.MyWebSearch) -> Data: -> No action taken. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.MyWebSearch) -> Data: -> No action taken. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|14ffxtbr@TotalRecipeSearch_14.com (PUP.MyWebSearch) -> Data: C:\Program Files\TotalRecipeSearch_14\bar\1.bin -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 35 C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.MyWebSearch) -> No action taken. C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00KO9XMB\TotalRecipeSearch.exe (PUP.FunWebProducts) -> No action taken. C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AP6NQGR\RecipeHub.exe (PUP.FunWebProducts) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14datact.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll (PUP.MyWebSearch) -> No action taken. 
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14highin.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14html.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14idle.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14medint.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14msg.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14radio.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14reghk.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14script.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14skin.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll (PUP.MyWebSearch) -> No action taken. 
      (end)

      =========================

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 07/10/2012 at 06:33 PM

      Application Version : 5.1.1002
      Core Rules Database Version : 8875
      Trace Rules Database Version: 6687

      Scan type : Complete Scan
      Total Scan Time : 00:36:39

      Operating System Information
      Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User

      Memory items scanned : 646
      Memory threats detected : 0
      Registry items scanned : 33674
      Registry threats detected : 0
      File items scanned : 55875
      File threats detected : 103

      Adware.Tracking Cookie
      PUP.MyWebSearch
      Trojan.Agent/Gen-Patchload
      C:\WINDOWS\INSTALLER\{90850409-6000-11D3-8CFE-0150048383C9}\MISC.EXE
  21. Thanks again Firefox. I ran the full scan because I went to a site--yesterday--that I knew may have had issues and sure enough I get the alert from Malwarebytes today. I run a full scan once every week to two weeks. I didn't want to take any chances. Perhaps it was a bit of overkill but since I know that the site was likely dirty... Here is a copy of the scan:

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.07.01.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      [administrator]

      7/1/2012 4:18:11 PM
      mbam-log-2012-07-01 (16-18-11).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 379139
      Time elapsed: 5 hour(s), 19 minute(s), 58 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  22. Thanks Firefox. Although it takes about five hours to run, I will likely run a full scan. I have already run Avast with no results except a couple of unrelated files that would not scan. I will post results after scan is complete.
  23. I received the alert today. Since it is a Potentially Unwanted Program I would like to know--before taking any action--whether this is a real threat or not. This is only maybe the second alert I have ever received after four years of using Malwarebytes. Noticed that it is within my restore points. Couldn't I just delete all restore points and that will accomplish the same goal? Thanks

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.06.30.07

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      [administrator]

      6/30/2012 10:28:34 PM
      mbam-log-2012-07-01 (09-55-24).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 382206
      Time elapsed: 5 hour(s), 39 minute(s), 48 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 2
      C:\System Volume Information\_restore{B24E5507-24F3-4A69-BD0B-D12A76B83EC2}\RP302\A0052595.exe (PUP.BundleInstaller.IQ) -> No action taken.
      C:\System Volume Information\_restore{B24E5507-24F3-4A69-BD0B-D12A76B83EC2}\RP302\A0052594.exe (PUP.BundleInstaller.IQ) -> No action taken.

      (end)