Jump to content

NarutoGaiden

Members
 View Profile  See their activity

  • Posts

    20

  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Columbus,GA
  • Interests
    Technology,gaming,and drawing.

Contact Methods

  • Yahoo
    davidmisyura@yahoo.com
  1. NarutoGaiden
    I have removed the malware removal programs, and the computer seems to be running more smoothly than ever. I have Advanced System Care Ultimate, which optimizes and protects the computer from viruses, and Malwarebytes Pro, for malware protection, installed on the computer. I have also installed the newest version of Java and Adobe PDF Reader. If there isn't anything else we need to do, then thank you for everything!
  2. NarutoGaiden
    The scan took a long time to finish, so I had to leave it on overnight. There were no threats found and everything seems to be running fine.
  3. NarutoGaiden
    mbam-log.txt ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.17.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mila :: MILA-HP [administrator] Protection: Enabled 3/18/2013 1:13:26 AM mbam-log-2013-03-18 (01-13-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227575 Time elapsed: 3 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) hijackthis.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:20:23 AM, on 3/18/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\mila\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Z1] cmd /c "C:\Users\mila\Desktop\mbar\mbar.exe" /cleanup /s O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU) O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11884 bytes The computer seems to be running fine, as previously stated. I also didn't run into any problems.
  4. NarutoGaiden
    Log.txt ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ComboFix 13-03-16.02 - mila 03/17/2013 23:34:45.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2354 [GMT -5:00] Running from: c:\users\mila\Downloads\ComboFix.exe Command switches used :: c:\users\mila\Desktop\CFScript.txt AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 ))))))))))))))))))))))))))))))) . . 2013-03-18 04:47 . 2013-03-18 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-18 04:47 . 2013-03-18 04:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-03-18 04:28 . 2013-03-18 04:28 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-18 04:28 . 2013-03-18 04:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-18 04:27 . 2013-03-18 04:27 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-18 04:27 . 2013-03-18 04:27 -------- d-----w- c:\program files (x86)\Java 2013-03-18 04:25 . 2013-03-18 04:25 -------- d-----w- c:\programdata\McAfee 2013-03-18 04:18 . 2013-02-19 09:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB00E72A-CF51-4471-AE51-51EA884FAD0F}\mpengine.dll 2013-03-18 03:08 . 2013-03-18 03:08 -------- d-----w- c:\programdata\Malwarebytes 2013-03-18 02:34 . 2013-03-18 02:34 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-16 04:09 . 2013-03-16 04:09 -------- d-----w- c:\programdata\4177 2013-02-28 18:47 . 2013-03-04 00:27 -------- d-----w- c:\programdata\PC Optimizer Pro 2013-02-28 18:40 . 2013-02-28 18:40 -------- d-----w- c:\users\mila\AppData\Roaming\Zeon 2013-02-28 18:38 . 2013-02-28 18:38 -------- d-----w- c:\programdata\Yahoo! 2013-02-28 18:37 . 2013-03-17 17:22 -------- d-----w- c:\programdata\Yahoo! Companion 2013-02-28 18:37 . 2013-02-28 18:37 -------- d-----w- c:\users\mila\AppData\Roaming\Yahoo! 2013-02-28 18:37 . 2013-03-17 18:24 -------- d-----w- c:\program files (x86)\Yahoo! 2013-02-16 23:30 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:30 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-18 04:27 . 2012-01-15 20:58 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-17 18:50 . 2012-04-11 23:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-17 18:50 . 2011-07-07 01:36 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-17 01:51 . 2012-01-02 23:02 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-24 03:44 . 2012-03-03 01:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-24 03:44 . 2012-03-03 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-17 06:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-15 03:07 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-15 03:07 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-15 03:07 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-15 03:07 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-15 03:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-15 03:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-15 03:07 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-15 03:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-15 03:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-15 03:07 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-15 03:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-15 03:07 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-15 03:07 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-17 336384] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\mila\Desktop\mbar\mbar.exe" [2013-03-18 1363016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-12-13 1051088] R4 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [2012-12-14 621008] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-17 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-17 365568] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S4 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:50] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 2013-03-18 c:\windows\Tasks\HPCeeScheduleFormila.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [2011-12-12 52952] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?ilc=1 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm mSearchAssistant = hxxp://www.google.com mCustomizeSearch = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-10947595.sys SafeBoot-31741498.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-17 23:52:40 ComboFix-quarantined-files.txt 2013-03-18 04:52 ComboFix2.txt 2013-03-18 01:35 . Pre-Run: 175,676,833,792 bytes free Post-Run: 175,347,286,016 bytes free . - - End Of File - - ADD1B6F6BA3FE41C3E059C78688EDC84 The computer seems to be running a lot smoother now. It also doesn't use up all of the cpu until it crashes. I will now go optimize it for best performance and update important programs to reduce the chance of getting more malware. Thanks for your help and patience!
  5. NarutoGaiden
    I have attached the TDDSKiller file since it was too big, and here is the MBAR file. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 0.997000 GHz Memory total: 3870195712, free: 2541129728 ------------ Kernel report ------------ 03/17/2013 22:08:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\23027828.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\amd_sata.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\amd_xata.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\usbohci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\RtsPStor.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_amd_sata.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\ws2_32.dll \Windows\System32\advapi32.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004135060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006d\ Lower Device Object: 0xfffffa8003ff83d0 Lower Device Driver Name: \Driver\amd_sata\ Driver name found: amd_sata Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.03.17.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004135060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80041345d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004135060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003ffcac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\ DevicePointer: 0xfffffa8003ffa580, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8003ff83d0, DeviceName: \Device\0000006d\, DriverName: \Driver\amd_sata\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a0044dbbc0, 0xfffffa8004135060, 0xfffffa8003c44090 Lower DeviceData: 0xfffff8a004a2b6a0, 0xfffffa8003ff83d0, 0xfffffa80057fe880 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 16CC72E1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 449128448 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 449538048 Numsec = 30535680 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 480073728 Numsec = 8321392 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1) Infected: c:\Windows\svchost.exe --> [Trojan.Agent] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 0.997000 GHz Memory total: 3870195712, free: 2686201856 Removal queue found; removal started Removing c:\Windows\svchost.exe... Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 0.997000 GHz Memory total: 3870195712, free: 2614591488 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 0.997000 GHz Memory total: 3870195712, free: 2617036800 ------------ Kernel report ------------ 03/17/2013 22:35:09 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\amd_sata.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\amd_xata.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\usbohci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\RtsPStor.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_amd_sata.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\nsi.dll \Windows\System32\user32.dll \Windows\System32\oleaut32.dll \Windows\System32\normaliz.dll \Windows\System32\usp10.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\urlmon.dll \Windows\System32\msctf.dll \Windows\System32\setupapi.dll \Windows\System32\comdlg32.dll \Windows\System32\imagehlp.dll \Windows\System32\Wldap32.dll \Windows\System32\ole32.dll \Windows\System32\advapi32.dll \Windows\System32\psapi.dll \Windows\System32\shlwapi.dll \Windows\System32\gdi32.dll \Windows\System32\imm32.dll \Windows\System32\sechost.dll \Windows\System32\rpcrt4.dll \Windows\System32\difxapi.dll \Windows\System32\iertutil.dll \Windows\System32\wininet.dll \Windows\System32\kernel32.dll \Windows\System32\msvcrt.dll \Windows\System32\shell32.dll \Windows\System32\ws2_32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004136060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006d\ Lower Device Object: 0xfffffa8003fe9700 Lower Device Driver Name: \Driver\amd_sata\ Driver name found: amd_sata Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0) Load Function returned 0x0 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004136b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003fed900, DeviceName: Unknown, DriverName: \Driver\amd_xata\ DevicePointer: 0xfffffa8003feb7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8003fe9700, DeviceName: \Device\0000006d\, DriverName: \Driver\amd_sata\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a003a88a70, 0xfffffa8004136060, 0xfffffa800373e790 Lower DeviceData: 0xfffff8a0044aae30, 0xfffffa8003fe9700, 0xfffffa80036d5240 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 16CC72E1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 449128448 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 449538048 Numsec = 30535680 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 480073728 Numsec = 8321392 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1) Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1) Done! Scan finished ======================================= The malware has also appeared to have been removed and the computer seems to be runing a lot better than before. I guess this means the removal was a success and I want to thank you for your patience.
  6. NarutoGaiden
    Sorry that I took so long to reply. Sorry I took so long. The computer was crashing and sluggish. ComboFix 13-03-16.02 - mila 03/17/2013 20:58:11.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2470 [GMT -4:00] Running from: c:\users\mila\Downloads\ComboFix.exe AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\D393.tmp c:\programdata\Microsoft\Windows\DRM\D3E2.tmp c:\users\mila\AppData\Roaming\Ylboi c:\users\mila\AppData\Roaming\Ylboi\jyoz.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 ))))))))))))))))))))))))))))))) . . 2013-03-17 18:33 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A73C9-4ABD-4F01-89D7-010EE7191BE8}\mpengine.dll 2013-03-16 04:09 . 2013-03-16 04:09 -------- d-----w- c:\programdata\4177 2013-02-28 18:47 . 2013-03-04 00:27 -------- d-----w- c:\programdata\PC Optimizer Pro 2013-02-28 18:40 . 2013-02-28 18:40 -------- d-----w- c:\users\mila\AppData\Roaming\Zeon 2013-02-28 18:38 . 2013-02-28 18:38 -------- d-----w- c:\programdata\Yahoo! 2013-02-28 18:37 . 2013-03-17 17:22 -------- d-----w- c:\programdata\Yahoo! Companion 2013-02-28 18:37 . 2013-02-28 18:37 -------- d-----w- c:\users\mila\AppData\Roaming\Yahoo! 2013-02-28 18:37 . 2013-03-17 18:24 -------- d-----w- c:\program files (x86)\Yahoo! 2013-02-16 23:30 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:30 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 03:37 . 2013-02-16 03:37 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-16 03:37 . 2013-02-16 03:37 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-17 18:50 . 2012-04-11 23:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-17 18:50 . 2011-07-07 01:36 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-17 01:51 . 2012-01-02 23:02 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-24 03:44 . 2012-03-03 01:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-24 03:44 . 2012-03-03 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-17 06:28 . 2010-11-21 03:27 273840 ----a-w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-15 03:07 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-15 03:07 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-15 03:07 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-15 03:07 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-15 03:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-15 03:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-15 03:07 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-15 03:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-15 03:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-15 03:07 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-15 03:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-15 03:07 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-15 03:07 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-17 336384] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-04-25 250880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-17 19456] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-17 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-17 30208] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736] R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-12-13 1051088] R4 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [2012-12-14 621008] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-05-16 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2012-10-23 1384608] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys [2012-09-01 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-17 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-17 365568] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-09-06 197536] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-06 1857600] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:50] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 2013-03-18 c:\windows\Tasks\HPCeeScheduleFormila.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856] "SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [2011-12-12 52952] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?ilc=1 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm mSearchAssistant = hxxp://www.google.com mCustomizeSearch = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe Wow6432Node-HKLM-Run-Coupon Alert Search Scope Monitor - c:\progra~2\COUPON~2\bar\1.bin\2psrchmn.exe Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-03-17 21:35:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-18 01:35 . Pre-Run: 173,075,709,952 bytes free Post-Run: 172,745,519,104 bytes free . - - End Of File - - F930501FA6445B9EEDCE782E8B2AE9F9
  7. NarutoGaiden
    AdwCleaner ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ # AdwCleaner v2.005 - Logfile created 03/17/2013 at 17:43:39 # Updated 14/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : mila - MILA-HP # Boot Mode : Normal # Running from : C:\Users\mila\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : CouponAlert_2pService ***** [Files / Folders] ***** File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files (x86)\AppGraffiti Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\CouponAlert_2p Folder Deleted : C:\Program Files (x86)\Inbox Toolbar Folder Deleted : C:\Program Files (x86)\Translator_3.1 Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti Folder Deleted : C:\Users\mila\AppData\Local\Conduit Folder Deleted : C:\Users\mila\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\mila\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\mila\AppData\LocalLow\Conduit Folder Deleted : C:\Users\mila\AppData\LocalLow\CouponAlert_2p Folder Deleted : C:\Users\mila\AppData\LocalLow\Inbox Toolbar Folder Deleted : C:\Users\mila\AppData\LocalLow\Translator_3.1 Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p Key Deleted : HKCU\Software\AppDataLow\Software\Translator_3.1 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppGraffiti Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Inbox Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AppGraffiti Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008653 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{20BCCE5A-C687-46FF-8DD2-AD8235F5F2B4} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3276E8A8-A233-449B-A7EB-FCEE21246018} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{60FC9013-4A5A-4306-9695-FCE0A6617F22} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7924FD2B-877C-4395-A063-A88AB887EA6D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79583DE9-D0C2-44EF-AE0D-CBFA16C2A785} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8542E415-0E53-4261-8BE4-0D1598229D90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A4116F8C-A634-4536-B9EF-6B9EBCC5BAE1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7CE22AF-CCB3-423F-84D5-4D77152181F3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EBAF2B4F-510A-47C7-86BA-E7D94D1162F6} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\CouponAlert_2p Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Inbox Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin Key Deleted : HKLM\Software\Translator_3.1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30DCD4B8-5E93-48D6-BCE7-C3C42E944E3D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{874232A0-73F4-4DDF-8AC8-C46AAFB76C54} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Translator_3.1 Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2} Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B9F8C21-46EC-4C0B-8683-E755EF84577A}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponAlert_2p Browser Plugin Loader] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [2pffxtbr@CouponAlert_2p.com] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3462C343-BE19-4143-AF70-CEFB56F46FC6}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308 --> hxxp://www.google.com ************************* AdwCleaner[s1].txt - [31876 octets] - [17/03/2013 17:43:39] ########## EOF - C:\AdwCleaner[s1].txt - [31937 octets] ########## RKreport (after scan and deletion) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : mila [Admin rights] Mode : Remove -- Date : 03/17/2013 18:15:18 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] MailRuUpdater.exe -- C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe -> KILLED [TermProc] [sUSP PATH] magent.exe -- C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -> KILLED [TermProc] [sUSP PATH] jyoz.exe -- C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : MailRuUpdater (C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe) -> DELETED [RUN][sUSP PATH] HKCU\[...]\Run : MAgent (C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU) -> DELETED [RUN][sUSP PATH] HKCU\[...]\Run : {5D7CD965-7757-AD41-CDDB-B7CBEE1694D6} (C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe) -> DELETED [TASK][bLPATH] HPCustParticipation HP Deskjet 1050 J410 series : "C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0800 -> DELETED [TASK][sUSP PATH] {1CBEE9FE-DCC2-432C-A3B7-B683C72A8544} : C:\Windows\system32\pcalua.exe -a "C:\Users\mila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBQXYF18\jre-6u30-windows-i586-iftw.exe" -d C:\Users\mila\Desktop -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD25 00BEVT-60A23T0 SATA Disk Device +++++ --- User --- [MBR] aed9e5c403710bd171265864f1db41af [bSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 219301 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 449538048 | Size: 14910 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 480073728 | Size: 4063 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] fcb9dae80714008af1a744c186f4dd0d [bSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows 7 MBR Code Partition table: 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 219301 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 449538048 | Size: 14910 Mo Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  8. NarutoGaiden
    Checkup.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security Advanced SystemCare Ultimate WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 30 Java version out of Date! Adobe Reader X (10.1.6) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` Attach.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/9/2011 8:26:11 PM System Uptime: 3/17/2013 2:37:17 PM (2 hours ago) . Motherboard: Hewlett-Packard | | 3577 Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 214 GiB total, 161.592 GiB free. D: is FIXED (NTFS) - 15 GiB total, 1.587 GiB free. E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP82: 1/23/2013 8:34:08 PM - Windows Update RP83: 1/31/2013 6:47:56 PM - Windows Update RP84: 2/6/2013 7:32:44 PM - Windows Update RP85: 2/9/2013 8:58:16 PM - Windows Update RP86: 2/13/2013 9:38:32 AM - Windows Update RP87: 2/16/2013 6:24:39 PM - Windows Update RP88: 2/20/2013 10:02:23 PM - Windows Update RP89: 2/27/2013 11:47:30 PM - Windows Update RP90: 3/3/2013 7:34:08 PM - Removed Nuance PDF Reader. RP91: 3/17/2013 1:14:47 PM - Restore Operation . ==== Installed Programs ====================== . ?????? ??????????????? ?????????? ???????? ???????? Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.6) MUI Adobe Shockwave Player 11.5 Advanced SystemCare Ultimate 6 Agatha Christie - Peril at End House AllMusicConverter Media Suite 4.3.7 AMD APP SDK Runtime AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center AppGraffiti Ask Toolbar ATI Catalyst Install Manager BearShare Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chronicles of Albian Chuzzle Deluxe Compaq Setup Manager Coupon Printer for Windows CouponAlert Toolbar Cradle of Rome 2 CyberLink YouCam D3DX10 ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy FATE Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP Deskjet 1050 J410 series Basic Device Software HP Deskjet 1050 J410 series Help HP Deskjet 1050 J410 series Product Improvement Study HP Documentation HP Games HP Launch Box HP MovieStore HP On Screen Display HP Photo Creations HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Software Framework HP Support Assistant HP Update Inbox Toolbar Java Auto Updater Java 6 Update 30 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update Mah Jong Medley Mail.Ru ????? 6.0 (build 6015, for current user) Mail.Ru ??????? 2.4.1.74 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Norton Internet Security Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Ralink RT5390 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader Recovery Manager RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) ShopAtHome.com Toolbar Skype™ 6.1 Slingo Supreme Smart PDF Converter Pro 6.3.0.467 Synaptics TouchPad Driver Translator 3.1 Toolbar Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Virtual Villagers 5 - New Believers WildTangent Games App (HP Games) Wincore MediaBar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 3/17/2013 2:38:03 PM, Error: Service Control Manager [7000] - The Coupon AlertService service failed to start due to the following error: The system cannot find the file specified. 3/17/2013 2:35:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/17/2013 2:34:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:34:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/17/2013 2:34:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/17/2013 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/17/2013 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/17/2013 2:33:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/17/2013 2:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/17/2013 2:31:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 3/17/2013 2:31:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d425, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031713-29296-01. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:25:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 3/17/2013 2:25:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/17/2013 2:25:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/13/2013 7:18:31 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 3/13/2013 4:50:39 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86162 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly. 3/13/2013 11:13:36 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. . ==== End Of File =========================== DDS.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by mila at 16:22:00 on 2013-03-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.1962 [GMT -4:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Windows\SysWOW64\notepad.exe C:\Windows\system32\sppsvc.exe C:\Windows\explorer.exe \\.\globalroot\systemroot\svchost.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/?ilc=1 uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308 uURLSearchHooks: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll mURLSearchHooks: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - BHO: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - <orphaned> TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll uRun: [MailRuUpdater] C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe uRun: [MAgent] C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart uRun: [{5D7CD965-7757-AD41-CDDB-B7CBEE1694D6}] C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [selectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{3AEFD89E-5580-48C8-9BE4-BF23D13EE80B} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{BB4EA196-0088-427A-A8EF-6E67841AFD21} : DHCPNameServer = 192.168.1.254 Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-15 79488] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-15 40064] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2013-1-17 1384608] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSviA64.sys [2013-1-20 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-24 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-17 204288] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-6-17 365568] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-24 1817088] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-24 46136] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-6-17 9359872] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-6-17 309760] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-8-24 1857600] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-24 335464] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-24 436840] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-24 44672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe --> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [?] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253656] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-5-27 250880] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-17 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-14 1255736] S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-1-20 1051088] S4 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-1-20 621008] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-03-17 18:33:21 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{157A73C9-4ABD-4F01-89D7-010EE7191BE8}\mpengine.dll 2013-03-17 18:25:47 20480 ----a-w- C:\Windows\svchost.exe 2013-03-16 04:09:04 -------- d-----w- C:\ProgramData\4177 2013-03-04 22:19:40 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D3E2.tmp 2013-03-04 22:19:40 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D393.tmp 2013-02-28 18:47:42 -------- d-----w- C:\ProgramData\PC Optimizer Pro 2013-02-28 18:40:25 -------- d-----w- C:\Users\mila\AppData\Roaming\Zeon 2013-02-28 18:37:18 -------- d-----w- C:\Program Files (x86)\Yahoo! 2013-02-28 18:36:12 -------- d-----w- C:\ProgramData\APN 2013-02-16 23:30:45 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:30:44 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 03:37:35 -------- d-----r- C:\Program Files (x86)\Skype . ==================== Find3M ==================== . 2013-03-17 18:50:51 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-17 18:50:51 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 06:28:58 273840 ----a-w- C:\Windows\System32\MpSigStub.exe 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 16:23:54.42 =============== Sorry that I wasn't able to reply fast. The computer was sluggish.
  9. NarutoGaiden
    I have a computer infected with the Svhost.exe *32 malware virus. It uses up all of the computers cpu and makes it basically unusable by crashing and slowing it down dramaticaly. I have already cleaned my computer from this malware along time ago, but there is another computer that I need to clean. So is there someone that can help me? I've already been throug the process on my computer, so I'll know what to expect, and I'll also been on for anyone kind enough to help me.
  10. NarutoGaiden

    Thanks for everything and for being patient! I probably wouldn't even be able to use my computer if it weren't for you!

  11. NarutoGaiden
    Well,now that I've updated my programs and did everything you told me to do,I think my computer is safe now.Thanks a lot!If I had money and credit card I would donate to you because you earned it! I will keep your preventative maintenance page as a bookmark just in case and thanks for everything!
  12. NarutoGaiden
    Here's the checkup file= a Results of screen317's Security Check version 0.99.51 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security Advanced SystemCare with Antivirus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 7 Update 7 Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 4.0 Firefox out of Date! Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe IObit Advanced SystemCare with Antivirus 2013 ascsvc.exe IObit Advanced SystemCare with Antivirus 2013 ascavsvc.exe IObit Advanced SystemCare with Antivirus 2013 ASCTray.exe IObit Advanced SystemCare with Antivirus 2013 Suo10_SmartRAM.exe IObit IObit Malware Fighter IMFsrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  13. NarutoGaiden
    I also think it might be a false detection and that it might not even exist but here's the log= aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-18 21:44:39 ----------------------------- 21:44:39.115 OS Version: Windows x64 6.1.7600 21:44:39.115 Number of processors: 2 586 0x603 21:44:39.116 ComputerName: DAVID-HP UserName: David 21:44:42.417 Initialize success 21:45:23.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072 21:45:23.528 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 11 21:45:23.548 Disk 0 MBR read successfully 21:45:23.550 Disk 0 MBR scan 21:45:23.553 Disk 0 Windows 7 default MBR code 21:45:23.558 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 21:45:23.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289675 MB offset 409600 21:45:23.590 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15266 MB offset 593664000 21:45:23.607 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768 21:45:23.652 Disk 0 scanning C:\Windows\system32\drivers 21:45:31.381 Service scanning 21:46:14.877 Modules scanning 21:46:14.885 Disk 0 trace - called modules: 21:46:14.939 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 21:46:15.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073ea060] 21:46:15.280 3 CLASSPNP.SYS[fffff88001a8c43f] -> nt!IofCallDriver -> [0xfffffa80072ff760] 21:46:15.286 5 amd_xata.sys[fffff880010f77a8] -> nt!IofCallDriver -> \Device\00000072[0xfffffa80072fd060] 21:46:15.293 Scan finished successfully 21:46:37.177 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat" 21:46:37.183 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
  14. NarutoGaiden
    Here's the log file= RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : David [Admin rights] Mode : Scan -- Date : 10/18/2012 21:19:14 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [TASK][PREVRUN] {110E7402-996E-4F7D-A894-8910AE3C84B4} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\XvidSetup (1).exe" -d C:\Users\David\Desktop -> FOUND [TASK][PREVRUN] {D96301CF-100A-4432-A8CD-D3433714F810} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke\Setup.exe" -d "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke" -> FOUND [TASK][PREVRUN] {EB517B38-BE6E-4AC1-BCF7-222A05B03EF4} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\chromeinstall (1).exe" -d C:\Users\David\Downloads -> FOUND [TASK][PREVRUN] {FEE56FF8-FFFE-49C9-8D4F-CD5AE73F5812} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\Minecraft Installer 1.7.2.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSX SATA Disk Device +++++ --- User --- [MBR] 993ddd5f92796248a77b186a1a330426 [bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289675 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 593664000 | Size: 15266 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 38352929c2d780a90a22d37c561431a2 [bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 2000 Mo Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  15. NarutoGaiden
    Well thanks for replying quickly and helping me. Here's the log file= Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.18.10 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 David :: DAVID-HP [administrator] 10/18/2012 8:16:53 PM mbam-log-2012-10-18 (20-16-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 222448 Time elapsed: 3 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) By the looks of it,I think the Zero Access and Svhost *32 are gone,but I can't be too sure.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.