candypants

  1. Sorry for not replying in a while. A friend came over and fixed it. It was a corrupted codec for google chrome she said. Not sure what that means. As for the other browsers (firefox and ie) I just had to be patient and let everything settle down on my computer before using it. Everything is working fine now. I'm not sure what she did because she was going so fast but it's fixed.
  2. Even though I've uninstalled vuze for some reason the toolbar is still functioning in firefox. I hope that doesn't mess anything up while I find a way to remove it.
  3. Yeah. I do see it and it's uninstalled now. What I meant was that vuze was the only one. Do I need to do the dds and combofix again?
  4. Okay. I can do that. That's the only program on this computer that would count as p2p and sony vegas is already long gone from this laptop. So I need to do the tests all over again?
  5. I don't know why it's just those two logs. The other one is the same thing. What was removed was the avg.exe, two sony vegas keygens, and something else I can't rightly remember. Sorry. Here is the combofix log:
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\rccw2xw2.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Vuze Remote : {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: OneClickDownloader: OneClickDownload@OneClickDownload.com - %profile%\extensions\OneClickDownload@OneClickDownload.com . - - - - ORPHANS REMOVED - - - - . HKCU-Run-c:\users\Jasmine\Desktop\LivestreamProcaster.exe - c:\users\Jasmine\Desktop\LivestreamProcaster.exe HKLM-Run-hpqSRMon - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-07 13:00 Windows 6.0.6002 Service Pack 2 NTFS . 
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-07 13:04:45
ComboFix-quarantined-files.txt 2012-08-07 18:04
.
Pre-Run: 144,152,551,424 bytes free
Post-Run: 144,673,918,976 bytes free
.
- - End Of File - - D3AA5D18B2D061C18DEF5412CBD43CB7

Here is the new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jasmine at 13:07:53 on 2012-08-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.668 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program 
Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP 
Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\jasmine\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: 
{DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{87726504-A8FC-45E6-A4FA-1828686EDD9B} : DhcpNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\rccw2xw2.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\rccw2xw2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Vuze Remote : {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: OneClickDownloader: OneClickDownload@OneClickDownload.com - %profile%\extensions\OneClickDownload@OneClickDownload.com . ============= SERVICES / DRIVERS =============== . R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-24 18544] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-10 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-23 353688] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-23 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-23 57656] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-23 44808] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-3 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944] R2 MSSQL$KINGSCHOOLSKTC;SQL Server (KINGSCHOOLSKTC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-22 92592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\freemake\capturelib\capturelibservice.exe" --> c:\program files\freemake\capturelib\CaptureLibService.exe [?] S2 gupdate1caa2a6719ffe30;Google Update Service (gupdate1caa2a6719ffe30);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 133104] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 133104] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-08-07 18:05:09 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-07 17:44:39 98816 ----a-w- c:\windows\sed.exe 2012-08-07 17:44:39 518144 ----a-w- c:\windows\SWREG.exe 2012-08-07 17:44:39 256000 ----a-w- c:\windows\PEV.exe 2012-08-07 17:44:39 208896 ----a-w- c:\windows\MBR.exe 2012-08-07 17:44:30 -------- d-----w- C:\ComboFix 2012-08-07 15:12:46 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b5c5057d-2653-4643-9db0-97ab691912a6}\mpengine.dll 2012-08-04 14:48:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-02 18:58:19 -------- d-----w- c:\users\jasmine\appdata\roaming\Malwarebytes 2012-08-02 18:58:03 -------- d-----w- c:\programdata\Malwarebytes 2012-08-02 18:58:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-02 18:54:26 -------- d-----w- c:\users\jasmine\appdata\local\Macromedia 2012-07-30 00:58:31 -------- d-----w- c:\program files\WinPcap 2012-07-30 00:57:58 -------- d-----w- c:\programdata\Freemake 2012-07-30 00:57:32 -------- d-----w- c:\program files\Freemake 2012-07-18 04:13:32 -------- d-----w- c:\program files\1ClickDownload 2012-07-12 08:12:17 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 14:19:45 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll 2012-07-11 14:19:38 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 14:19:38 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 14:19:34 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 14:19:33 278528 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 14:19:33 204288 ----a-w- c:\windows\system32\ncrypt.dll . ==================== Find3M ==================== . 
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr 2012-06-28 12:52:36 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-06-22 00:21:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-22 00:21:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 13:08:32.40 ===============
  6. Okay. Sorry. I was just following the instructions on this other thread here.
  7. Okay. This started about five days ago. I'd log on to my profile on my father's laptop and I'd bring up Task Manager to stop some programs that I don't need (HP Advisor, etc.). I'd start up Google Chrome and want to watch a video on YouTube. I didn't notice the high memory at this point. When the video starts everything is normal, but when I fullscreen the video it's all slow and jittery. This has never happened before, but I do notice the physical memory usage is almost capped. The computer usually stays around 750-850mb, but now it stays above 1.09gb when no programs are running (for me it's Google Chrome and Adobe PDF Reader). I thought it might be the graphics card needing to be updated, and when that didn't solve the problem I did a system restore. This worked perfectly. I didn't get the high memory usage and everything ran smoothly. But after three days the problem happened again. I don't know how to fix it. I've downloaded Malwarebytes and it found 4 infections that were quickly gotten rid of and the laptop restarted. I still have the problem. Attach.txt DDS.txt