Everything posted by NarutoGaiden
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
I have removed the malware removal programs, and the computer seems to be running more smoothly than ever. I have Advanced System Care Ultimate, which optimizes and protects the computer from viruses, and Malwarebytes Pro, for malware protection, installed on the computer. I have also installed the newest version of Java and Adobe PDF Reader. If there isn't anything else we need to do, then thank you for everything!
Tagged with: Malware, Svhost.exe *32 (and 1 more)
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
The scan took a long time to finish, so I had to leave it on overnight. There were no threats found and everything seems to be running fine.
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
mbam-log.txt
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.17.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mila :: MILA-HP [administrator]
Protection: Enabled
3/18/2013 1:13:26 AM
mbam-log-2013-03-18 (01-13-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227575
Time elapsed: 3 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
hijackthis.txt
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:20:23 AM, on 3/18/2013
The computer seems to be running fine, as previously stated. I also didn't run into any problems.
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Log.txt
ComboFix 13-03-16.02 - mila 03/17/2013 23:34:45.3.2 - x64
The computer seems to be running a lot smoother now. It also doesn't use up all of the CPU until it crashes. I will now go optimize it for best performance and update important programs to reduce the chance of getting more malware. Thanks for your help and patience!
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
I have attached the TDDSKiller file since it was too big, and here is the MBAR file. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 0.997000 GHz Memory total: 3870195712, free: 2541129728 ------------ Kernel report ------------ 03/17/2013 22:08:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\23027828.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\amd_sata.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\amd_xata.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS \SystemRoot\System32\Drivers\Ntfs.sys 
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004135060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8003ff83d0
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.17.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004135060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80041345d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004135060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003ffcac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8003ffa580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003ff83d0, DeviceName: \Device\0000006d\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0044dbbc0, 0xfffffa8004135060, 0xfffffa8003c44090
Lower DeviceData: 0xfffff8a004a2b6a0, 0xfffffa8003ff83d0, 0xfffffa80057fe880
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16CC72E1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 449128448
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 449538048 Numsec = 30535680
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 480073728 Numsec = 8321392
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1)
Infected: c:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 0.997000 GHz
Memory total: 3870195712, free: 2686201856

Removal queue found; removal started
Removing c:\Windows\svchost.exe...
Removal finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 0.997000 GHz
Memory total: 3870195712, free: 2614591488

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 0.997000 GHz
Memory total: 3870195712, free: 2617036800

------------ Kernel report ------------
03/17/2013 22:35:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004136060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8003fe9700
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004136b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003fed900, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8003feb7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003fe9700, DeviceName: \Device\0000006d\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a003a88a70, 0xfffffa8004136060, 0xfffffa800373e790
Lower DeviceData: 0xfffff8a0044aae30, 0xfffffa8003fe9700, 0xfffffa80036d5240
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16CC72E1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 449128448
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 449538048 Numsec = 30535680
Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 480073728 Numsec = 8321392
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "c:\ProgramData\{A6407055-0AD9-4188-BF59-D278031D3689}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================

The malware also appears to have been removed and the computer seems to be running a lot better than before. I guess this means the removal was a success and I want to thank you for your patience.
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Sorry that I took so long to reply. Sorry I took so long. The computer was crashing and sluggish. ComboFix 13-03-16.02 - mila 03/17/2013 20:58:11.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2470 [GMT -4:00] Running from: c:\users\mila\Downloads\ComboFix.exe AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\D393.tmp c:\programdata\Microsoft\Windows\DRM\D3E2.tmp c:\users\mila\AppData\Roaming\Ylboi c:\users\mila\AppData\Roaming\Ylboi\jyoz.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 ))))))))))))))))))))))))))))))) . . 2013-03-17 18:33 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A73C9-4ABD-4F01-89D7-010EE7191BE8}\mpengine.dll 2013-03-16 04:09 . 2013-03-16 04:09 -------- d-----w- c:\programdata\4177 2013-02-28 18:47 . 2013-03-04 00:27 -------- d-----w- c:\programdata\PC Optimizer Pro 2013-02-28 18:40 . 2013-02-28 18:40 -------- d-----w- c:\users\mila\AppData\Roaming\Zeon 2013-02-28 18:38 . 2013-02-28 18:38 -------- d-----w- c:\programdata\Yahoo! 2013-02-28 18:37 . 2013-03-17 17:22 -------- d-----w- c:\programdata\Yahoo! Companion 2013-02-28 18:37 . 2013-02-28 18:37 -------- d-----w- c:\users\mila\AppData\Roaming\Yahoo! 2013-02-28 18:37 . 2013-03-17 18:24 -------- d-----w- c:\program files (x86)\Yahoo! 2013-02-16 23:30 . 
2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:30 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 03:37 . 2013-02-16 03:37 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-16 03:37 . 2013-02-16 03:37 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-17 18:50 . 2012-04-11 23:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-17 18:50 . 2011-07-07 01:36 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-17 01:51 . 2012-01-02 23:02 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-24 03:44 . 2012-03-03 01:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-24 03:44 . 2012-03-03 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-17 06:28 . 2010-11-21 03:27 273840 ----a-w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-15 03:07 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-15 03:07 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-15 03:07 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-15 03:07 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-15 03:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-15 03:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-15 03:07 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-15 03:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-15 03:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-15 03:07 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 
2013-02-15 03:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-15 03:07 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-15 03:07 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-17 336384] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-04-25 250880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-17 19456] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-17 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-17 30208] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736] R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-12-13 1051088] R4 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [2012-12-14 621008] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS 
[2011-05-16 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2012-10-23 1384608] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSvia64.sys [2012-09-01 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-17 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-17 365568] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-09-06 197536] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088] S2 NIS;Norton Internet 
Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-06 1857600] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:50] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:58] . 
2013-03-18 c:\windows\Tasks\HPCeeScheduleFormila.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [2011-12-12 52952]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
Wow6432Node-HKLM-Run-Coupon Alert Search Scope Monitor - c:\progra~2\COUPON~2\bar\1.bin\2psrchmn.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-03-17 21:35:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-18 01:35
.
Pre-Run: 173,075,709,952 bytes free
Post-Run: 172,745,519,104 bytes free
.
- - End Of File - - F930501FA6445B9EEDCE782E8B2AE9F9
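Two entries in the ComboFix log above are the ones a practitioner should learn to spot in any log of this shape. The first is a populated AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: those DLLs are loaded into every process that maps user32.dll, which makes the value a standard injection and persistence point, and it is the same BearShare MediaBar data that AdwCleaner reports deleting later in the thread. The second is the svchost.exe listed under "Other Running Processes" as c:\\.\globalroot\systemroot\svchost.exe: \\.\GLOBALROOT is the Win32 alias for the root of the NT object namespace and \SystemRoot is the link to the Windows directory, so that binary is %SystemRoot%\svchost.exe, not the real %SystemRoot%\System32\svchost.exe. The script below is an added example, not a tool from this thread or from Malwarebytes, that runs exactly those two checks over log lines in ComboFix's layout. The sample lines are constructed from entries visible in the posted log; the rule names, the list of system binary names and the handling of unknown object-namespace paths are the example's own assumptions.

```python
r"""Triage helper for ComboFix-style log lines (added example, not a tool from this thread).

Two checks, both taken from what the posted log makes visible:
  * a populated AppInit_DLLs value, and
  * a core Windows binary (svchost.exe and friends) that is not running from
    System32 / SysWOW64, including one reached through the \\.\globalroot prefix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the posted ComboFix log; the paths are the
# ones visible in that log, the selection and layout are this example's.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\system32\svchost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str      # which check fired
    evidence: str  # the log token or line that triggered it
    detail: str    # why it matters / what the path resolves to


# Where the core service binaries legitimately live on an x64 Windows install.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Names malware likes to borrow (assumed list); any copy outside SYSTEM_DIRS is suspect.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}

_APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$', re.IGNORECASE)
_DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# Matches the literal text  \\.\globalroot\  and captures what follows it.
_GLOBALROOT_RE = re.compile(r"\\\\\.\\globalroot\\(?P<rest>.*)$")


def _norm(path: str) -> str:
    return path.strip().lower().replace("/", "\\")


def resolve_device_path(path: str) -> Optional[str]:
    r"""Map \\.\globalroot\systemroot\... to its Win32 form; None if it is not a device path.

    \\.\GLOBALROOT is the root of the NT object namespace and \SystemRoot is the
    object-namespace link to the Windows directory, so the posted path is
    %SystemRoot%\svchost.exe rather than %SystemRoot%\System32\svchost.exe.
    """
    m = _GLOBALROOT_RE.search(_norm(path))
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith("systemroot\\"):
        return "c:\\windows\\" + rest[len("systemroot\\"):]
    return "\\" + rest  # some other object-namespace path; left for manual follow-up


def triage(log_text: str) -> List[Finding]:
    """Run both checks over every line and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _APPINIT_RE.match(line)
        if m:
            value = m.group("value").strip()
            # AppInit_DLLs is space- or comma-separated, which is why Windows
            # expects 8.3 short names there (and why the posted value uses them).
            for dll in (d for d in re.split(r"[\s,]+", value) if d):
                findings.append(Finding(
                    "appinit_dll", dll,
                    "loaded into every process that maps user32.dll; "
                    "classic injection/persistence point, normally empty"))
            continue

        if not _DRIVE_PATH_RE.match(line):
            continue  # only bare path lines (the process listing) are examined

        resolved = resolve_device_path(line)
        effective = resolved if resolved is not None else _norm(line)
        if resolved is not None:
            findings.append(Finding(
                "device_namespace_path", line,
                f"started via the NT object namespace; resolves to {resolved}"))

        directory, _, name = effective.rpartition("\\")
        if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            findings.append(Finding(
                "system_binary_outside_system32", line,
                f"{name} running from {directory or '?'} instead of System32/SysWOW64"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.evidence}\n    {f.detail}")
```

Run against the sample it reports the two AppInit DLLs and, for the globalroot line, both the device-namespace prefix and the fact that the resolved svchost.exe sits in c:\windows rather than System32; the genuine c:\windows\system32\svchost.exe on the next line produces nothing. The path check deliberately keys on the resolved location rather than on the file name alone, because a copy of a system binary in the wrong directory is the indicator, not the name.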
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
AdwCleaner
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v2.005 - Logfile created 03/17/2013 at 17:43:39
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mila - MILA-HP
# Boot Mode : Normal
# Running from : C:\Users\mila\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : CouponAlert_2pService

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\CouponAlert_2p
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Translator_3.1
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Users\mila\AppData\Local\Conduit
Folder Deleted : C:\Users\mila\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\mila\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\mila\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mila\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\mila\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\mila\AppData\LocalLow\Translator_3.1
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted :
HKCU\Software\AppDataLow\Software\Translator_3.1 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppGraffiti Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Inbox Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AppGraffiti Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.DynamicBarButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.FeedManager.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.MultipleButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin Key Deleted : 
HKLM\SOFTWARE\Classes\CouponAlert_2p.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.Radio.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.RadioSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ScriptButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.ThirdPartyInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.UrlAlertButton.1 Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\CouponAlert_2p.XMLSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008653 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{20BCCE5A-C687-46FF-8DD2-AD8235F5F2B4} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{3276E8A8-A233-449B-A7EB-FCEE21246018} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{53CA18E7-5223-4358-9FD9-97C62C66C5BD} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{60FC9013-4A5A-4306-9695-FCE0A6617F22} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7924FD2B-877C-4395-A063-A88AB887EA6D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79583DE9-D0C2-44EF-AE0D-CBFA16C2A785} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8542E415-0E53-4261-8BE4-0D1598229D90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A4116F8C-A634-4536-B9EF-6B9EBCC5BAE1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7CE22AF-CCB3-423F-84D5-4D77152181F3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EBAF2B4F-510A-47C7-86BA-E7D94D1162F6} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\CouponAlert_2p Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Inbox Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin Key Deleted : HKLM\Software\Translator_3.1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60E91567-EF8A-4520-BCE2-83ABA5256799} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30DCD4B8-5E93-48D6-BCE7-C3C42E944E3D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{874232A0-73F4-4DDF-8AC8-C46AAFB76C54} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Translator_3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B9F8C21-46EC-4C0B-8683-E755EF84577A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CouponAlert_2p Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [2pffxtbr@CouponAlert_2p.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3462C343-BE19-4143-AF70-CEFB56F46FC6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308 --> hxxp://www.google.com

*************************

AdwCleaner[s1].txt - [31876 octets] - [17/03/2013 17:43:39]

########## EOF - C:\AdwCleaner[s1].txt - [31937 octets] ##########

RKreport (after scan and deletion)
-----------------------------------------------------------------------------------------------------
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mila [Admin rights]
Mode : Remove -- Date : 03/17/2013 18:15:18

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] MailRuUpdater.exe -- C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe -> KILLED [TermProc]
[SUSP PATH] magent.exe -- C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -> KILLED [TermProc]
[SUSP PATH] jyoz.exe -- C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MailRuUpdater (C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : MAgent (C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : {5D7CD965-7757-AD41-CDDB-B7CBEE1694D6} (C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe) -> DELETED
[TASK][BLPATH] HPCustParticipation HP Deskjet 1050 J410 series : "C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0800 -> DELETED
[TASK][SUSP PATH] {1CBEE9FE-DCC2-432C-A3B7-B683C72A8544} : C:\Windows\system32\pcalua.exe -a "C:\Users\mila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBQXYF18\jre-6u30-windows-i586-iftw.exe" -d C:\Users\mila\Desktop -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BEVT-60A23T0 SATA Disk Device +++++
--- User ---
[MBR] aed9e5c403710bd171265864f1db41af
[BSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 219301 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 449538048 | Size: 14910 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 480073728 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] fcb9dae80714008af1a744c186f4dd0d
[BSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 219301 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 449538048 | Size: 14910 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Svhost.exe *32 Malware infection
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Checkup.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security Advanced SystemCare Ultimate WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 30 Java version out of Date! Adobe Reader X (10.1.6) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` Attach.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/9/2011 8:26:11 PM System Uptime: 3/17/2013 2:37:17 PM (2 hours ago) . Motherboard: Hewlett-Packard | | 3577 Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 214 GiB total, 161.592 GiB free. D: is FIXED (NTFS) - 15 GiB total, 1.587 GiB free. E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP82: 1/23/2013 8:34:08 PM - Windows Update RP83: 1/31/2013 6:47:56 PM - Windows Update RP84: 2/6/2013 7:32:44 PM - Windows Update RP85: 2/9/2013 8:58:16 PM - Windows Update RP86: 2/13/2013 9:38:32 AM - Windows Update RP87: 2/16/2013 6:24:39 PM - Windows Update RP88: 2/20/2013 10:02:23 PM - Windows Update RP89: 2/27/2013 11:47:30 PM - Windows Update RP90: 3/3/2013 7:34:08 PM - Removed Nuance PDF Reader. RP91: 3/17/2013 1:14:47 PM - Restore Operation . ==== Installed Programs ====================== . ?????? ??????????????? ?????????? ???????? ???????? Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.6) MUI Adobe Shockwave Player 11.5 Advanced SystemCare Ultimate 6 Agatha Christie - Peril at End House AllMusicConverter Media Suite 4.3.7 AMD APP SDK Runtime AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center AppGraffiti Ask Toolbar ATI Catalyst Install Manager BearShare Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chronicles of Albian Chuzzle Deluxe Compaq Setup Manager Coupon Printer for Windows CouponAlert Toolbar Cradle of Rome 2 CyberLink YouCam D3DX10 ESU for Microsoft Windows 7 SP1 Evernote v. 
4.2.3 Farm Frenzy FATE Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP Deskjet 1050 J410 series Basic Device Software HP Deskjet 1050 J410 series Help HP Deskjet 1050 J410 series Product Improvement Study HP Documentation HP Games HP Launch Box HP MovieStore HP On Screen Display HP Photo Creations HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Software Framework HP Support Assistant HP Update Inbox Toolbar Java Auto Updater Java 6 Update 30 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update Mah Jong Medley Mail.Ru ????? 6.0 (build 6015, for current user) Mail.Ru ??????? 2.4.1.74 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Norton Internet Security Penguins! Plants vs. 
Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Ralink RT5390 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader Recovery Manager RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) ShopAtHome.com Toolbar Skype™ 6.1 Slingo Supreme Smart PDF Converter Pro 6.3.0.467 Synaptics TouchPad Driver Translator 3.1 Toolbar Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Virtual Villagers 5 - New Believers WildTangent Games App (HP Games) Wincore MediaBar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live 
Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 3/17/2013 2:38:03 PM, Error: Service Control Manager [7000] - The Coupon AlertService service failed to start due to the following error: The system cannot find the file specified. 3/17/2013 2:35:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/17/2013 2:34:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
3/17/2013 2:34:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/17/2013 2:34:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/17/2013 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/17/2013 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/17/2013 2:33:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/17/2013 2:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/17/2013 2:31:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 3/17/2013 2:31:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c7d425, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031713-29296-01. 
3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:17 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:31:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/17/2013 2:25:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 3/17/2013 2:25:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/17/2013 2:25:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/13/2013 7:18:31 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 3/13/2013 4:50:39 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86162 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly. 3/13/2013 11:13:36 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. . 
==== End Of File =========================== DDS.txt --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by mila at 16:22:00 on 2013-03-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.1962 [GMT -4:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files 
(x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files 
(x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Windows\SysWOW64\notepad.exe C:\Windows\system32\sppsvc.exe C:\Windows\explorer.exe \\.\globalroot\systemroot\svchost.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80308&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80308
uURLSearchHooks: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
mURLSearchHooks: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -
BHO: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Translator 3.1 Toolbar: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - C:\Program Files (x86)\Translator_3.1\prxtbTran.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
uRun: [MailRuUpdater] C:\Users\mila\AppData\Local\Mail.Ru\MailRuUpdater.exe
uRun: [MAgent] C:\Users\mila\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
uRun: [{5D7CD965-7757-AD41-CDDB-B7CBEE1694D6}] C:\Users\mila\AppData\Roaming\Ylboi\jyoz.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [selectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3AEFD89E-5580-48C8-9BE4-BF23D13EE80B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB4EA196-0088-427A-A8EF-6E67841AFD21} : DHCPNameServer = 192.168.1.254
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [smartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe"
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-15 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-15 40064]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2013-1-17 1384608]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130118.001\IDSviA64.sys [2013-1-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-24 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-17 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-6-17 365568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-24 1817088]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-24 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-6-17 9359872]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-6-17 309760]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-8-24 1857600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-24 436840]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-24 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe --> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253656]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-5-27 250880]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-17 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-14 1255736]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-1-20 1051088]
S4 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-1-20 621008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-17 18:33:21 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{157A73C9-4ABD-4F01-89D7-010EE7191BE8}\mpengine.dll
2013-03-17 18:25:47 20480 ----a-w- C:\Windows\svchost.exe
2013-03-16 04:09:04 -------- d-----w- C:\ProgramData\4177
2013-03-04 22:19:40 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D3E2.tmp
2013-03-04 22:19:40 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D393.tmp
2013-02-28 18:47:42 -------- d-----w- C:\ProgramData\PC Optimizer Pro
2013-02-28 18:40:25 -------- d-----w- C:\Users\mila\AppData\Roaming\Zeon
2013-02-28 18:37:18 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-02-28 18:36:12 -------- d-----w- C:\ProgramData\APN
2013-02-16 23:30:45 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 23:30:44 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 03:37:35 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2013-03-17 18:50:51 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 18:50:51 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58 273840 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 16:23:54.42 ===============

Sorry that I wasn't able to reply fast. The computer was sluggish.
-
I have a computer infected with the Svhost.exe *32 malware virus. It uses up all of the computer's CPU and makes it basically unusable by crashing and slowing it down dramatically. I have already cleaned my computer from this malware a long time ago, but there is another computer that I need to clean. So is there someone that can help me? I've already been through the process on my computer, so I'll know what to expect, and I'll also be on for anyone kind enough to help me.
-
Thanks for everything and for being patient! I probably wouldn't even be able to use my computer if it weren't for you!
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Well, now that I've updated my programs and did everything you told me to do, I think my computer is safe now. Thanks a lot! If I had money and a credit card I would donate to you because you earned it! I will keep your preventative maintenance page as a bookmark just in case, and thanks for everything!
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Here's the checkup file:

Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
Advanced SystemCare with Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 4.0 Firefox out of Date!
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
IObit Advanced SystemCare with Antivirus 2013 ascsvc.exe
IObit Advanced SystemCare with Antivirus 2013 ascavsvc.exe
IObit Advanced SystemCare with Antivirus 2013 ASCTray.exe
IObit Advanced SystemCare with Antivirus 2013 Suo10_SmartRAM.exe
IObit IObit Malware Fighter IMFsrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
I also think it might be a false detection and that it might not even exist, but here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 21:44:39
-----------------------------
21:44:39.115 OS Version: Windows x64 6.1.7600
21:44:39.115 Number of processors: 2 586 0x603
21:44:39.116 ComputerName: DAVID-HP UserName: David
21:44:42.417 Initialize success
21:45:23.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
21:45:23.528 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 11
21:45:23.548 Disk 0 MBR read successfully
21:45:23.550 Disk 0 MBR scan
21:45:23.553 Disk 0 Windows 7 default MBR code
21:45:23.558 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:45:23.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289675 MB offset 409600
21:45:23.590 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15266 MB offset 593664000
21:45:23.607 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
21:45:23.652 Disk 0 scanning C:\Windows\system32\drivers
21:45:31.381 Service scanning
21:46:14.877 Modules scanning
21:46:14.885 Disk 0 trace - called modules:
21:46:14.939 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
21:46:15.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073ea060]
21:46:15.280 3 CLASSPNP.SYS[fffff88001a8c43f] -> nt!IofCallDriver -> [0xfffffa80072ff760]
21:46:15.286 5 amd_xata.sys[fffff880010f77a8] -> nt!IofCallDriver -> \Device\00000072[0xfffffa80072fd060]
21:46:15.293 Scan finished successfully
21:46:37.177 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
21:46:37.183 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Here's the log file:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 10/18/2012 21:19:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][PREVRUN] {110E7402-996E-4F7D-A894-8910AE3C84B4} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\XvidSetup (1).exe" -d C:\Users\David\Desktop -> FOUND
[TASK][PREVRUN] {D96301CF-100A-4432-A8CD-D3433714F810} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke\Setup.exe" -d "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke" -> FOUND
[TASK][PREVRUN] {EB517B38-BE6E-4AC1-BCF7-222A05B03EF4} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\chromeinstall (1).exe" -d C:\Users\David\Downloads -> FOUND
[TASK][PREVRUN] {FEE56FF8-FFFE-49C9-8D4F-CD5AE73F5812} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Downloads\Minecraft Installer 1.7.2.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSX SATA Disk Device +++++
--- User ---
[MBR] 993ddd5f92796248a77b186a1a330426
[bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289675 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 593664000 | Size: 15266 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 38352929c2d780a90a22d37c561431a2
[bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 2000 Mo

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Well, thanks for replying quickly and helping me. Here's the log file:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-HP [administrator]

10/18/2012 8:16:53 PM
mbam-log-2012-10-18 (20-16-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222448
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

By the looks of it, I think the Zero Access and Svhost *32 are gone, but I can't be too sure.
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Well, I did click delete, and when I went to my browser (Google Chrome) everything was default, but I figured out how to get everything back. Anyway, here's the file:

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 19:59:15
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : David - DAVID-HP
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\David\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\David\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\David\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\David\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\David\AppData\Roaming\Babylon
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\extensions\ffxtlbr@babylon.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d --> hxxp://www.google.com

-\\ Mozilla Firefox v4.0 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110195&tt=040912_ctrl_3612_4");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 28);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "623AF4EA78E3B4FE217AE973B3C2142A");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "a85922780000000000000aa3c401ab5d");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15588");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=109935&babsrc=KW[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 28);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.127:24:18");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "4.0");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 74192631);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.127:24:18"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110195&tt=040912_ctrl_3612_4"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "a85922780000000000000aa3c401ab5d"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "a85922780000000000000aa3c401ab5d"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15458"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.127:24:18"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,battlefieldplay[...] Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=KW_ss[...] 
Deleted : user_pref("playsushi.position.button", true); -\\ Google Chrome v22.0.1229.94 File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d" ] Deleted [l.2981] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d" ] ************************* AdwCleaner[R1].txt - [11134 octets] - [18/10/2012 19:39:27] AdwCleaner[s1].txt - [11201 octets] - [18/10/2012 19:59:15] ########## EOF - C:\AdwCleaner[s1].txt - [11262 octets] ########## -
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Well, here's the log file:

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 19:39:27
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : David - DAVID-HP
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [search]

*************************

AdwCleaner[R1].txt - [11043 octets] - [18/10/2012 19:39:27]

########## EOF - C:\AdwCleaner[R1].txt - [11104 octets] ##########
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Here's the Combo Fix log:

ComboFix 12-10-18.03 - David 10/18/2012 18:35:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.7931.6290 [GMT -4:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-10 138912] S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2011-10-05 34040] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-22 333416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:25] . 2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 18:42] . 2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 18:42] . 
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657751437-2842971331-3584950573-1001Core.job - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 17:16] . 2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657751437-2842971331-3584950573-1001UA.job - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 17:16] . 2012-10-18 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-10-17 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25] . 2012-10-18 c:\windows\Tasks\ReclaimerUpdateFiles_David.job - c:\users\David\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-20 22:43] . 2012-10-18 c:\windows\Tasks\ReclaimerUpdateXML_David.job - c:\users\David\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-20 22:43] . 2012-10-17 c:\windows\Tasks\RegCure Pro.job - c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-17 23:47] . 2012-10-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_David.job - c:\users\David\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-20 22:43] . 2012-10-18 c:\windows\Tasks\SpeedMaxPc Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1] @="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}" [HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}] 2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2] @="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}" [HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}] 2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3] @="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}" [HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}] 2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=KW_ss&mntrId=a85922780000000000000aa3c401ab5d&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-08-22 21:14; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-08-25 15:40; ytd@mybrowserbar.com; c:\program files (x86)\YTD Toolbar\FF FF - ExtSQL: 2012-09-05 07:24; ffxtlbr@babylon.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\extensions\ffxtlbr@babylon.com FF - user.js: extensions.BabylonToolbar_i.id - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar_i.hardId - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar_i.instlDay - 15458 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - 
babsst FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a85922780000000000000aa3c401ab5d&q= FF - user.js: extensions.BabylonToolbar.id - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15588 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.127:24 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=040912_ctrl_3612_4 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss . - - - - ORPHANS REMOVED - - - - . 
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-Run-Advanced SystemCare 5 - c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe SafeBoot-05867839.sys SafeBoot-99908518.sys HKLM-Run-SynTPEnh - c:\program files (x86)\synaptics\syntp\syntpenh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.1.1.2\diMaster.dll\" /prefetch:1" "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z [\]^_ \00\00 \00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ \00\00 \00\00\00\00„\00\00\00\00\00\00\00‘’“" . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\jc4z] "ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\go1d.bat" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe c:\program files (x86)\IObit\Game Booster 3\gbtray.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\cltLMH.exe . ************************************************************************** . Completion time: 2012-10-18 19:04:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-18 23:04 . Pre-Run: 221,303,291,904 bytes free Post-Run: 220,889,202,688 bytes free . - - End Of File - - 0FD2439E7A9ACAA1D8F66F9AE3D7EA9A -
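A triage script for reports of the shape posted above, added here as an example; it is not part of the thread and not code from ComboFix or any other tool named in it. It reads the two parts of a ComboFix report that most often carry persistence, the service/driver list (lines of the form "R2 name;display;image path [date size]", with "[x]" where ComboFix found no readable file at that path) and the "FF - user.js:" lines, and flags what a reviewer would look at first. In this log that is the jc4z service, whose ImagePath is a .bat under the SYSTEM profile's AppData and whose file ComboFix could not find, and a user.js line that carries injected user_pref() calls turning off Content Security Policy (security.csp.enable) and OCSP revocation checking (security.OCSP.enabled). The suspect-directory list, the script-extension list and the pref table are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage helpers for a ComboFix-style log (added example, not ComboFix code).

Flags service/driver entries whose image path lives in a user-writable or
profile location, is a script rather than a PE, or is missing on disk, and
Firefox user.js lines that set known security-weakening preferences.
"""
import re

# One service/driver entry: "<start> <name>;<display>;<path> [<date> <size>]".
# ComboFix prints "[x]" in place of "<date> <size>" when it finds no file.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Locations and extensions a properly installed service should not use
# (assumption of this example; tune per environment).
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\config\\systemprofile\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")

# Firefox prefs a toolbar or dropper has no business setting, with the
# weakening value to alert on (assumption of this example).
WEAK_PREFS = {
    "security.csp.enable": "false",       # disables Content Security Policy
    "security.OCSP.enabled": "0",         # disables certificate revocation checks
    "extensions.autoDisableScopes": "0",  # lets sideloaded extensions self-enable
}
USER_PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")


def triage_service(line):
    """Return the reasons one service line looks suspicious (empty if none)."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return []
    path = m.group("path").strip()
    low = path.lower()
    reasons = []
    if not path:
        reasons.append("no image path")
    if m.group("meta").strip() == "x":
        reasons.append("image file not found on disk")
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("image path in user-writable/profile location")
    if low.endswith(SCRIPT_EXT):
        reasons.append("service backed by a script, not a PE")
    return reasons


def triage_services(lines):
    """Map service name -> reasons, for every flagged service line."""
    hits = {}
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            reasons = triage_service(line)
            if reasons:
                hits[m.group("name")] = reasons
    return hits


def weakened_firefox_prefs(lines):
    """Pull user_pref() calls out of 'FF - user.js:' lines and return the
    ones whose value matches a known security-weakening setting."""
    found = {}
    for line in lines:
        if not line.startswith("FF - user.js:"):
            continue
        for name, value in USER_PREF_RE.findall(line):
            if WEAK_PREFS.get(name) == value.strip():
                found[name] = value.strip()
    return found


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = """\
R2 gupdate;Google Update Service (gupdate);c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2011-04-06 136176]
R2 jc4z;jc4z;c:\\windows\\System32\\config\\systemprofile\\AppData\\Roaming\\go1d.bat [x]
R2 Port Forward.exe;Port Forward; [x]
R3 cpuz135;cpuz135;c:\\users\\David\\AppData\\Local\\Temp\\cpuz135\\cpuz135_x64.sys [x]
S2 NIS;Norton Internet Security;c:\\program files (x86)\\Norton Internet Security\\Engine\\20.1.1.2\\ccSvcHst.exe [2012-08-29 143928]
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
""".splitlines()

if __name__ == "__main__":
    for name, why in triage_services(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
    for name, value in weakened_firefox_prefs(SAMPLE).items():
        print(f"user.js sets {name} = {value}")
```

A hit is a lead, not a verdict: on the sample above the cpuz135 driver sitting in a Temp folder trips the same location rule as jc4z, and only a human can tell a leftover from persistence. Run it over the full report (one entry per line) rather than the excerpt, and treat any "[x]" entry whose ImagePath is still in the registry as something the cleanup must remove explicitly.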
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Okay, so here's my result file:

ListParts by Farbar Version: 16-10-2012
Ran by David (administrator) on 18-10-2012 at 18:07:41
Windows 7 (X64)
Running From: C:\Users\David\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 7930.9 MB
Available physical RAM: 6134.68 MB
Total Pagefile: 15859.95 MB
Available Pagefile: 13542.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:282.89 GB) (Free:205.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.91 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            282 GB   200 MB
  Partition 3    Primary             14 GB   283 GB
  Partition 4    Primary            103 MB   297 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    282 GB  Healthy    Boot

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   RECOVERY     NTFS   Partition     14 GB  Healthy

======================================================================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         HP_TOOLS     FAT32  Partition    103 MB  Healthy

======================================================================================================

****** End Of Log ******

And my other three logs should be attached.
TDSSKiller.2.8.13.0_18.10.2012_17.30.30_log.txt
TDSSKiller.2.8.13.0_18.10.2012_17.37.28_log.txt
TDSSKiller.2.8.13.0_18.10.2012_17.51.46_log.txt
-
How can I get rid of Svhost *32.exe?
NarutoGaiden replied to NarutoGaiden's topic in Resolved Malware Removal Logs
Ok, so here's my DDS file:

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by David at 21:11:48 on 2012-10-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.7931.5087 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\David\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\David\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRAM FILES (X86)\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP QUICK LAUNCH\HPMSGSVC.EXE
C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP ON SCREEN DISPLAY\HPOSD.EXE
C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES (X86)\LOGMEIN HAMACHI\HAMACHI-2-UI.EXE
C:\PROGRAM FILES\IDT\WDM\STTRAY64.EXE
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe" /AutoStart
uRun: [smartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\suo10_smartram.exe" /m
uRun: [AdobeBridge] <no file>
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce: [1] C:\Users\David\AppData\Local\Temp\Rar$EX41.616\mbam-chameleon.exe /r /p
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
dRun: [XSECVA] "C:\Windows\System32\config\systemprofile\AppData\Roaming\xsecva\xsecva.exe" -s
dRun: [] C:\Windows\Temp\nwesxorcam.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\1457265727E6D27657563747 : DHCPNameServer = 69.1.30.3 69.1.30.2
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\361627F6C696E656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\36963736F63726 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\7796C637F6E6 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\B696E67637C65697436343D27657563747 : DHCPNameServer = 69.1.30.3 69.1.30.2
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\D4F445D213D27334 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [ctfmon] ctfmon.exe x64-Run: [synTPEnh] C:\Program Files (x86)\synaptics\syntp\syntpenh.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=HP_ss&mntrId=a85922780000000000000aa3c401ab5d FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=040912_ctrl_3612_4&babsrc=KW_ss&mntrId=a85922780000000000000aa3c401ab5d&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\David\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\NPRobloxProxy.dll FF - plugin: 
C:\Users\David\AppData\Local\Roblox\Versions\version-d18531733302454e\NPRobloxProxy.dll FF - plugin: C:\Users\David\AppData\Local\Roblox\Versions\version-f23119393382428e\NPRobloxProxy.dll FF - plugin: C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-08-22 21:14; {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-08-25 15:40; ytd@mybrowserbar.com; C:\Program Files (x86)\YTD Toolbar\FF FF - ExtSQL: 2012-09-05 07:24; ffxtlbr@babylon.com; C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\thd9g5yj.default\extensions\ffxtlbr@babylon.com . ---- FIREFOX POLICIES ---- . . FF - user.js: extensions.BabylonToolbar_i.id - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar_i.hardId - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar_i.instlDay - 15458 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . . 
FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a85922780000000000000aa3c401ab5d&q= FF - user.js: extensions.BabylonToolbar.id - a85922780000000000000aa3c401ab5d FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15588 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.127:24:18 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=040912_ctrl_3612_4 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss . ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-8-12 17720]
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2012-9-24 95392]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1401010.002\SymDS64.sys [2012-9-26 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1401010.002\SymEFA64.sys [2012-9-26 1132192]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1401010.002\ccSetx64.sys [2012-9-26 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSviA64.sys [2012-10-16 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1401010.002\Ironx64.sys [2012-9-26 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1401010.002\symnets.sys [2012-9-26 432800]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe [2012-9-29 514432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe [2012-9-29 906112]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-8-12 821592]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe [2012-9-26 143928]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-16 390632]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-15 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-9-28 10210304]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-9-28 317952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-12 138912]
R3 MusCAudio;MusCAudio;C:\Windows\System32\drivers\MusCAudio.sys [2011-11-9 34040]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-15 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-15 38528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-6 136176]
S2 jc4z;jc4z;C:\Windows\System32\config\systemprofile\AppData\Roaming\go1d.bat --> C:\Windows\System32\config\systemprofile\AppData\Roaming\go1d.bat [?]
S2 Port Forward.exe;Port Forward; [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250808]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-8-12 21384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-11-9 452096]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-6 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" --> C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-8-12 33224]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-11-9 244736]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-8-12 21904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-5-15 14544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2012-9-29 35256]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-25 15:11:11 -------- d-----w- C:\ProgramData\LightScribe
2012-10-17 22:02:14 -------- d-----w- C:\Users\David\AppData\Roaming\.minecraft
2012-10-17 04:30:16 20480 ----a-w- C:\Windows\svchost.exe
2012-10-17 04:22:52 -------- d-----w- C:\Windows\Downloaded Program Files
2012-10-17 04:03:03 -------- d-----w- C:\Users\David\AppData\Local\Temp
2012-10-17 04:03:00 -------- d-----w- C:\Windows\System32\wbem\Logs
2012-10-17 03:50:20 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-10-17 03:50:18 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-10-17 03:36:23 -------- d-----w- C:\Users\David\AppData\Roaming\ParetoLogic
2012-10-17 03:35:09 -------- d-----w- C:\ProgramData\ParetoLogic
2012-10-09 12:11:51 -------- d-----w- C:\Program Files\CPUID
2012-10-09 01:51:50 -------- d-----w- C:\Users\David\AppData\Roaming\PDAppFlex
2012-10-08 23:43:59 -------- d-----w- C:\Users\David\AppData\Local\{8AC7D73F-97AE-49F0-8CB0-0064999AFC00}
2012-10-07 17:01:56 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-10-07 14:21:24 -------- d-----w- C:\Adobe Photoshop CS6
2012-10-07 14:16:43 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-10-05 22:03:32 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-05 22:03:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-05 22:01:21 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-05 22:01:08 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-10-05 21:44:51 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-10-05 21:44:51 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-10-05 21:44:51 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-10-05 21:44:51 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-10-05 21:44:51 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-10-05 21:44:51 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-10-05 21:44:51 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-10-05 21:44:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-10-05 21:44:50 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-10-05 21:44:50 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-10-02 04:01:37 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-10-02 04:01:37 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-10-02 04:00:21 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-10-02 04:00:21 67584 ----a-w- C:\Windows\splwow64.exe
2012-10-02 04:00:21 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-10-02 04:00:21 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-10-02 03:59:39 136704 ----a-w- C:\Windows\System32\browser.dll
2012-10-02 03:59:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-10-02 03:59:38 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-10-02 03:57:58 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-10-02 03:57:58 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-10-02 03:57:25 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-10-02 03:56:51 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-10-02 03:56:19 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-10-02 03:56:19 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-10-02 03:56:19 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-10-02 03:56:19 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-02 03:55:34 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-02 03:55:34 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-02 03:55:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-02 03:55:34 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-02 03:55:34 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-02 03:55:34 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-02 03:54:30 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-10-02 03:54:30 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-10-02 03:54:30 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-10-02 03:54:30 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-10-02 03:54:30 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-10-02 03:54:30 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-10-02 03:54:30 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-10-02 03:54:30 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-10-02 03:54:30 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-10-02 03:53:25 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-10-02 03:53:25 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-10-02 03:52:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-10-02 03:52:43 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-10-02 03:52:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-10-02 03:52:28 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-10-02 03:45:55 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-10-02 03:45:39 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-10-02 03:45:39 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-10-02 03:45:13 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-02 03:45:13 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-02 03:45:13 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-02 02:05:28 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2012-10-02 02:05:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-02 02:05:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-02 02:05:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 13:52:47 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-09-29 13:52:38 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-09-29 13:52:31 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-09-29 13:52:23 -------- d-----w- C:\ProgramData\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-09-29 04:39:59 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-29 04:39:01 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-29 04:38:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-28 22:21:13 -------- d-----w- C:\ProgramData\Roblox
2012-09-28 22:10:12 -------- d-----w- C:\Program Files (x86)\Roblox
2012-09-27 23:04:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-26 20:58:46 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-26 20:58:46 -------- d-----w- C:\Program Files\Symantec
2012-09-26 20:57:56 776352 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\srtsp64.sys
2012-09-26 20:57:56 493216 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\SymDS64.sys
2012-09-26 20:57:56 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\symnets.sys
2012-09-26 20:57:56 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\srtspx64.sys
2012-09-26 20:57:56 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\SymELAM.sys
2012-09-26 20:57:56 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\Ironx64.sys
2012-09-26 20:57:56 1132192 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\SymEFA64.sys
2012-09-26 20:57:55 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1401010.002\ccSetx64.sys
2012-09-26 20:57:43 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-09-26 10:37:33 -------- d-----w- C:\Users\David\AppData\Roaming\RotMG.Production
2012-09-26 01:04:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-26 01:01:59 -------- d-----w- C:\Windows\System32\drivers\NISx64\1401010.002
2012-09-26 01:01:59 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-09-25 02:57:25 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2012-09-25 02:56:34 -------- d-----w- C:\Users\David\AppData\Local\NPE
2012-09-24 03:02:48 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-20 23:17:57 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-09-20 23:17:46 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-09-20 23:15:22 -------- d-----w- C:\Program Files\ATI Technologies
2012-09-20 23:04:47 -------- d-----w- C:\AMD
2012-09-20 03:02:45 -------- d-----w- C:\Users\David\AppData\Local\{D673722C-72C7-4F97-B5B3-E7F0178EB8E9}
2012-09-20 02:48:59 -------- d-----w- C:\Program Files (x86)\Coupons
2012-09-20 02:48:43 -------- d-----w- C:\Users\David\AppData\Roaming\HpUpdate
2012-09-19 21:17:54 -------- d-----w- C:\Users\David\AppData\Local\fontconfig
2012-09-19 21:17:53 -------- d-----w- C:\Users\David\.gimp-2.8
2012-09-19 21:17:52 -------- d-----w- C:\Users\David\AppData\Local\gegl-0.2
2012-09-19 21:15:34 -------- d-----w- C:\Program Files\GIMP 2
.
==================== Find3M ====================
.
2012-10-08 22:24:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:24:56 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 04:04:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-02 04:04:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-02 04:04:43 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-02 04:04:43 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-02 04:04:43 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-02 04:04:43 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-02 04:04:43 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-02 04:04:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-02 04:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-02 04:04:43 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-02 04:04:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-02 04:04:43 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-09-14 21:31:40 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-09-14 21:31:28 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-09-14 21:31:24 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-09-08 04:24:41 95208 ------w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 04:24:39 821736 ------w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-08 04:24:39 746984 ------w- C:\Windows\SysWow64\deployJava1.dll
2012-09-05 11:05:53 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-05 11:05:53 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-02 13:09:34 1603072 ----a-w- C:\Users\David\AppData\Roaming\iemspm.dll
2012-08-30 23:09:24 1586176 ----a-w- C:\Users\David\AppData\Roaming\seltag.dll
2012-08-28 17:59:32 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-08-28 17:59:32 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-08-28 17:59:30 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-08-28 17:59:30 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-08-28 17:59:24 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-08-28 17:59:22 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-08-28 17:59:20 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-08-28 17:59:20 460664 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-08-28 17:59:18 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-08-12 19:09:07 234768 ------w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-12 19:09:07 234768 ------w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-12 19:08:59 75136 ------w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-20 17:24:42 24960 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2010-01-26 15:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
.
============= FINISH: 21:13:25.75 ===============
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2011 1:53:37 AM
System Uptime: 10/17/2012 3:34:33 PM (6 hours ago)
.
Motherboard: Hewlett-Packard | | 1697
Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 208.019 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.833 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP280: 10/16/2012 6:02:43 PM - Installed Microsoft Fix it 50123
RP281: 10/16/2012 6:22:42 PM - IObit Uninstaller restore point
RP282: 10/16/2012 6:24:03 PM - IObit Uninstaller restore point
RP283: 10/16/2012 6:25:46 PM - IObit Uninstaller restore point
RP284: 10/16/2012 11:48:09 PM - IObit Uninstaller restore point
RP285: 10/16/2012 11:54:44 PM - RegCure Pro Backup
.
==== Installed Programs ======================
.
Leawo MP4 Converter version 4.1.0.1
4Media PS3 Video Converter
4Sync
7-Zip 9.20 (x64 edition)
Ace of Spades
Action Replay DSi Code Manager
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.6
Advanced SystemCare with Antivirus 2013
Algodoo Phun edition v5.28
AllMusicConverter 4.2.9
AllMusicConverter Media Suite 4.2.9
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Mobile Device Support
Apple Software Update
Art Effects for PDR10
Atheros Driver Installation Program
µTorrent
Bandicam
Bandisoft MPEG-1 Decoder
BattlEye (A2Free) Uninstall
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Build-a-lot 4 - Power Source
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ConverterLite 0.1
Coupon Printer for Windows
CPUID CPU-Z 1.61.5
CraftBukkit
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Desura
Energy Star Digital Logo
ESU for Microsoft Windows 7
Farm Frenzy
FATE
FATE - The Traitor Soul
FATE - Undiscovered Realms
ffdshow [rev 3154] [2009-12-09]
Fraps (remove only)
FYZip 1.00
Game Booster 3
GIMP 2.8.2
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Photo Creations
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
HyperCam 2
iCoolsoft AAC Converter
IDT Audio
IL Shared Libraries
IObit Malware Fighter
IObit Unlocker
iWin Games (remove only)
Java 7 Update 7
Java Auto Updater
Java 6 Update 26 (64-bit)
Java SE Development Kit 6 Update 26 (64-bit)
Junk Mail filter update
K-Lite Codec Pack 7.6.0 (Basic)
LabelPrint
LightScribe System Software
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MinecraftCrack
MotioninJoy DS3 driver version 0.6.0005
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Internet Security
Notepad++
NVIDIA PhysX
OpenAL
Pando Media Booster
PDF Settings CS6
Plants Vs Zombies: Game of the Year Edition (remove only)
Plants vs. Zombies
Plants vs. Zombies - Game of the Year Edition
PlayReady PC Runtime x86
Power2Go
Prolog+CG 2.0.15
PunkBuster Services
Realm of the Mad God
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
RegCure Pro
ROBLOX Player
ROBLOX Studio 2.0 Beta
RoxioNow Player
Search Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Smart Defrag 2
SpongeBob Atlantis SquareOff
Steam
swMSM
Synaptics Pointing Device Driver
Terraria 1.1.2
Unity Web Player
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update
Installer for WildTangent Games App VDownloader 3.9.1300 Vegas Pro 11.0 (64-bit) VideoFileDownload VIO Player version 1.2 Virtual Families VLC Player WavePad Sound Editor WildTangent Games App (HP Games) WildTangent Web Driver Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Flash WinPcap 4.1.1 WinRAR 4.00 (64-bit) World of Goo Xiph.Org Open Codecs 0.85.17777 Xtranormal - TTS Engine Xtranormal Desktop Xtranormal State - Voicepack-USEnglish-Kenny22k Xtranormal State - Voicepack-USEnglish-Nelly22k Xtranormal State - Voicepack-USEnglish-Ryan22k . ==== Event Viewer Messages From Past Week ======== . 10/17/2012 4:24:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 10/17/2012 12:29:52 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 10/17/2012 12:29:34 AM, Error: Service Control Manager [7000] - The Port Forward service failed to start due to the following error: The system cannot find the path specified. 
10/17/2012 12:29:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the jc4z service to connect. 10/17/2012 12:29:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 10/17/2012 12:29:24 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/17/2012 12:03:58 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 10/17/2012 12:03:58 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 10/16/2012 7:35:01 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 10/16/2012 7:34:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. 10/16/2012 7:34:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 10/15/2012 7:21:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000316ffea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-91478-01. 10/15/2012 4:26:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AdvancedSystemCareService5 service. 
10/13/2012 8:45:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003168fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-27948671-01. 10/12/2012 10:34:29 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7C413551-5001-4EBE-9365-9DFA8947F2D4} because another computer on the network has the same name. The server could not start. 10/11/2012 8:10:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031c7fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101112-50793-01. 10/11/2012 7:22:08 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 10/11/2012 7:15:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eac117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101112-43165-01. 10/10/2012 6:05:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 10/10/2012 4:22:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service. . ==== End Of File =========================== Here's my Attach file= DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 4/6/2011 1:53:37 AM System Uptime: 10/17/2012 3:34:33 PM (6 hours ago) . Motherboard: Hewlett-Packard | | 1697 Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 2300/200mhz . 
==== End Of File ===========================

And here's my RogueKiller report file=

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 10/17/2012 21:26:54

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : XSECVA ("C:\Windows\system32\config\systemprofile\AppData\Roaming\xsecva\xsecva.exe" -s) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : (C:\Windows\Temp\nwesxorcam.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : XSECVA ("C:\Windows\system32\config\systemprofile\AppData\Roaming\xsecva\xsecva.exe" -s) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : (C:\Windows\Temp\nwesxorcam.exe) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4669 : wscript.exe C:\Users\David\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] {D96301CF-100A-4432-A8CD-D3433714F810} : C:\Windows\system32\pcalua.exe -a "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke\Setup.exe" -d "C:\Users\David\Desktop\New folder (2)\mugen\chars\FG-MSasuke\FG-MSasuke" -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$448ba2fe126412d869cb65e0f4030769\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$448ba2fe126412d869cb65e0f4030769\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$448ba2fe126412d869cb65e0f4030769\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSX SATA Disk Device +++++
--- User ---
[MBR] 993ddd5f92796248a77b186a1a330426 [BSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289675 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 593664000 | Size: 15266 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 38352929c2d780a90a22d37c561431a2 [BSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 2000 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
-
I have had this trojan for more than 2 months and haven't been able to get rid of it. I have tried many antivirus and malware removal programs and none of them has worked. I have a Windows 7 HP 64-bit laptop, if that helps.
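The RogueKiller report in this thread packs the whole ZeroAccess picture into a few line types: a svchost.exe running from \\.\globalroot (a rootkit-hidden copy, not the real one in System32), Run entries under the SYSTEM profile (HKUS\S-1-5-18) pointing at a Temp file and an AppData path, the UAC values EnableLUA and ConsentPromptBehavior* set to 0 so nothing ever prompts for elevation, the Installer\{GUID}\U and $Recycle.Bin\S-1-5-18\$GUID folders that share one 32-hex-digit ID, and an MBR whose user-mode read (User) disagrees with the low-level read (LL2), which is what "User != LL2 ... KO!" and the Root.MBR verdict reflect. The script below is an added example, not code from this thread or from RogueKiller: it parses that report format into structured findings and summarises the indicators a responder would triage first. The regexes are my own reading of the format, the sample input is an excerpt of the report above (embedded inline so it runs offline), and the category names and the assess() summary are assumptions, not RogueKiller's.

```python
"""Parse a RogueKiller scan report and pull out the indicators that matter for
ZeroAccess triage: persistence entries, UAC tampering, the ZeroAccess
file/folder artifacts, and whether the MBR views disagree (rootkit hooking).
Added example; the regexes are an assumed reading of the report format."""
import re
from dataclasses import dataclass, field

# Excerpt of the RogueKiller report posted in the thread above, trimmed to the
# lines this example exercises and embedded inline so the script runs offline.
REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : XSECVA ("C:\Windows\system32\config\systemprofile\AppData\Roaming\xsecva\xsecva.exe" -s) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : (C:\Windows\Temp\nwesxorcam.exe) -> FOUND
[TASK][ROGUE ST] 4669 : wscript.exe C:\Users\David\AppData\Local\Temp\launchie.vbs //B -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$448ba2fe126412d869cb65e0f4030769\@ --> FOUND

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 993ddd5f92796248a77b186a1a330426 [BSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 38352929c2d780a90a22d37c561431a2 [BSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code
"""

# "[TAG][SUBTAG] detail -> VERDICT" (registry/task lines use "->", file lines "-->")
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-{1,2}>\s*(\w+)")
TAG_RE = re.compile(r"\[([^\]]+)\]")
SECTION_RE = re.compile(r"^---\s+(\S+)\s+---$")          # "--- User ---", "--- LL2 ---"
INFECTION_RE = re.compile(r"^¤¤¤ Infection : (.+?) ¤¤¤$")
MBR_RE = re.compile(r"^\[MBR\]\s+([0-9a-f]{32})")         # hash of the MBR as read by that view
MBR_CMP_RE = re.compile(r"^(\w+)\s*(=|!=)\s*(\w+)\s+\.\.\.\s+(OK|KO)!$")
# The {GUID} / $GUID ZeroAccess names its hidden folders after (32 hex digits, dashes optional).
ZA_ID_RE = re.compile(r"[{$]([0-9a-f-]{32,36})")

UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser")


@dataclass
class Finding:
    tags: list      # e.g. ["RUN", "SUSP PATH"]
    detail: str     # everything between the tags and the "-> VERDICT"
    verdict: str    # FOUND, KILLED, ...


@dataclass
class Report:
    findings: list = field(default_factory=list)
    mbr: dict = field(default_factory=dict)         # view name -> MBR hash
    mbr_checks: list = field(default_factory=list)  # (view_a, view_b, agree?)
    infections: list = field(default_factory=list)


def parse_report(text):
    rep = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)                      # which MBR view follows
            continue
        if m := INFECTION_RE.match(line):
            rep.infections = m.group(1).split("|")
            continue
        if (m := MBR_RE.match(line)) and section:
            rep.mbr[section] = m.group(1)
            continue
        if m := MBR_CMP_RE.match(line):
            rep.mbr_checks.append((m.group(1), m.group(3), m.group(4) == "OK"))
            continue
        if m := FINDING_RE.match(line):
            rep.findings.append(Finding(TAG_RE.findall(m.group(1)), m.group(2), m.group(3)))
    return rep


def zeroaccess_ids(rep):
    """Hex IDs shared by the Installer {GUID} and $Recycle.Bin $GUID artifacts."""
    ids = set()
    for f in rep.findings:
        if f.tags[0] == "ZeroAccess" and (m := ZA_ID_RE.search(f.detail)):
            ids.add(m.group(1).replace("-", ""))
    return ids


def assess(rep):
    uac_off = [f for f in rep.findings
               if f.tags[0] == "HJ" and "(0)" in f.detail
               and any(v in f.detail for v in UAC_VALUES)]
    persistence = [f for f in rep.findings if f.tags[0] in ("RUN", "TASK")]
    za = [f for f in rep.findings if f.tags[0] == "ZeroAccess"]
    killed = [f for f in rep.findings if f.verdict == "KILLED"]
    # Two ways the MBR check can fail: RogueKiller's own comparison says KO,
    # or the views it collected hash differently.
    mbr_tampered = (any(not ok for _, _, ok in rep.mbr_checks)
                    or len(set(rep.mbr.values())) > 1)
    return {
        "uac_disabled": len(uac_off),
        "persistence": len(persistence),
        "zeroaccess_artifacts": len(za),
        "killed_processes": len(killed),
        "mbr_tampered": mbr_tampered,
        "infections": rep.infections,
    }


if __name__ == "__main__":
    r = parse_report(REPORT)
    for k, v in assess(r).items():
        print(f"{k}: {v}")
    print("ZeroAccess folder IDs:", sorted(zeroaccess_ids(r)))
```

Run against the excerpt it reports 2 UAC values forced to 0, 3 persistence entries, 3 ZeroAccess artifacts, 1 killed process, mbr_tampered True and a single folder ID, 448ba2fe126412d869cb65e0f4030769, linking the Installer and $Recycle.Bin locations. Treat these counts as triage, not a clean bill: the MBR mismatch means the kernel view of the disk is being filtered, so anything read from the live system (this report included) can be incomplete, which is why this thread ends with a full rescan after the rootkit is gone.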