yuprules
Posts posted by yuprules
DDS logs are OK, how is your system responding, any issues or concerns?
The extra "Credit card pop up" for Amazon is gone. You have been an AMAZING HELP, thank you once again.
-
Thanks again for all your help! I fixed the two issues in the Malwarebytes by the way.
Logs you requested:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.29.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
alexish :: ALEXISH1 [administrator]
11/29/2012 1:23:33 PM
mbam-log-2012-11-29 (13-23-33).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343981
Time elapsed: 38 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/27/2011 11:51:32 AM
System Uptime: 11/29/2012 1:19:36 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GDG8Y
Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 168.747 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 11/2/2012 3:29:50 PM - Windows Update
RP84: 11/12/2012 1:12:53 PM - Scheduled Checkpoint
RP85: 11/20/2012 1:30:08 PM - Scheduled Checkpoint
RP86: 11/27/2012 1:43:34 PM - Scheduled Checkpoint
RP87: 11/28/2012 2:44:38 PM - Installed Java 7 Update 9
RP88: 11/28/2012 2:46:59 PM - Removed Java 6 Update 32
RP89: 11/28/2012 4:31:52 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
BookSmart® 3.2.3 3.2.3
Conexant HD Audio
CutePDF Writer 2.7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
FRx 6.7 (C:\Program Files\FRx Software\FRx 6.7)
Google Chrome
Google Update Helper
Java 7 Update 9
Kyocera Product Library
Lexmark Software Uninstall
LiveUpdate 3.3 (Symantec Corporation)
Living Cookbook 2011
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Firewall Client
Microsoft FRx 6.7 Programmability Support
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Realtek Ethernet Controller Driver
Sage Fundraising 100 - Workstation Setup 9.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Spybot - Search & Destroy
Symantec Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
11/29/2012 12:56:29 PM, Error: Service Control Manager [7034] - The Firewall Client Agent service terminated unexpectedly. It has done this 1 time(s).
11/29/2012 12:54:05 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2012 12:53:23 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/29/2012 12:53:23 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
11/29/2012 1:04:39 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/29/2012 1:04:16 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/29/2012 1:02:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/29/2012 1:02:40 PM, Error: Service Control Manager [7034] - The lmab_device service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 8:55:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by alexish at 14:04:38 on 2012-11-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2979.1740 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Windows\system32\LMabcoms.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://fedcja.net/
uProxyServer = isa.fcja.org:8080
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
uPolicies-Explorer: NoActiveDesktop = dword:1
uPolicies-Explorer: NoWebServices = dword:1
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 1 = acl.exe
uPolicies-DisallowRun: 2 = MarioForever.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableBkGndGroupPolicy = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.128.14 192.168.128.15
TCP: Interfaces\{A78ED552-D9A9-4DC1-BED2-EA6F79338184} : DHCPNameServer = 192.168.128.14 192.168.128.15
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-11-8 1839776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-10-27 328808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-2 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-2 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-27 1343400]
.
=============== Created Last 30 ================
.
2012-11-29 17:33:13 -------- d-----w- C:\_OTM
2012-11-29 13:37:48 -------- d-----w- c:\users\alexish\appdata\local\{9343FBBD-7A6F-448C-A59E-376438911177}
2012-11-28 21:35:14 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-28 21:35:13 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-28 21:35:13 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-28 21:34:35 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-28 21:34:35 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-28 21:34:33 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-28 21:34:33 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-28 21:34:31 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-28 21:34:30 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-28 21:34:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-28 21:30:59 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-28 21:29:22 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-28 21:29:22 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-28 21:29:20 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-28 20:26:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-28 20:26:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-28 19:45:36 -------- d-----w- c:\windows\system32\appmgmt
2012-11-28 19:45:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-28 19:43:13 -------- d-----w- c:\users\alexish\appdata\roaming\Malwarebytes
2012-11-28 19:43:07 -------- d-----w- c:\programdata\Malwarebytes
2012-11-28 19:43:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 19:43:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 13:53:35 -------- d-----w- c:\users\alexish\appdata\local\{94576ADB-C910-47F3-9C4F-87C85B64AE40}
2012-11-27 14:04:46 -------- d-----w- c:\users\alexish\appdata\local\{D3D57A50-100C-4BE2-9C83-9E02997E296E}
2012-11-26 14:44:18 -------- d-----w- c:\users\alexish\appdata\local\{104E0F2A-74D7-43F8-830A-212BECFF7F08}
2012-11-23 13:31:46 -------- d-----w- c:\users\alexish\appdata\local\Google
2012-11-23 13:30:26 -------- d-----w- c:\users\alexish\appdata\local\{08B7C41E-99A8-4595-933E-CD8C981F484E}
2012-11-22 13:31:09 -------- d-----w- c:\users\alexish\appdata\local\{75D0990F-AE30-4E05-8004-723420F7E3FA}
2012-11-21 13:44:20 -------- d-----w- c:\users\alexish\appdata\local\{32BEFB30-828C-469F-BFBD-7E90CDAC9144}
2012-11-20 13:53:22 -------- d-----w- c:\users\alexish\appdata\local\{1E87E354-FAC5-4C52-B0F4-1B823B493BBF}
2012-11-19 13:44:06 -------- d-----w- c:\users\alexish\appdata\local\{BE255A0E-CF34-4D13-B68D-EA077BB68E4D}
2012-11-16 13:35:50 -------- d-----w- c:\users\alexish\appdata\local\{DEF7C647-088E-40BE-A65C-D05A8596D731}
2012-11-15 13:46:24 -------- d-----w- c:\users\alexish\appdata\local\{72DDF69D-9375-4E59-8FF4-794597396BC8}
2012-11-14 13:53:14 -------- d-----w- c:\users\alexish\appdata\local\{221E7A18-4961-4D21-9565-EE79956B18AB}
2012-11-13 13:48:17 -------- d-----w- c:\users\alexish\appdata\local\{6BFF7F0A-E678-4B8F-944A-7C2C72D857B0}
2012-11-12 13:43:57 -------- d-----w- c:\users\alexish\appdata\local\{098DB909-CE27-4A55-BA12-E07F68F4BD6B}
2012-11-09 14:15:41 -------- d-----w- c:\users\alexish\appdata\local\{021B93CE-DDA5-4308-937C-806E07FB2351}
2012-11-08 13:25:17 -------- d-----w- c:\users\alexish\appdata\local\{8D699A81-6B6A-4221-B701-BDC6821415A6}
2012-11-07 13:06:24 -------- d-----w- c:\users\alexish\appdata\local\{D9117423-8ECE-4A19-A988-FAB2E4C09EA8}
2012-11-06 13:54:14 -------- d-----w- c:\users\alexish\appdata\local\{3B0FC483-BE4C-4DDB-934E-AB5373EA6625}
2012-11-05 13:45:24 -------- d-----w- c:\users\alexish\appdata\local\{7210E0A0-8A52-4692-BA9D-5D6BD76C060E}
2012-11-02 19:32:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 19:31:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-02 19:31:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-02 19:31:41 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-02 19:31:11 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-02 19:30:44 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-02 19:30:34 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-02 19:30:33 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-02 19:30:17 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-02 19:30:17 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-02 19:30:17 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-02 19:30:17 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-02 19:30:17 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-02 11:47:29 -------- d-----w- c:\users\alexish\appdata\local\{BF6F4656-F7F7-4D24-88E4-C4E4BD7EEEC4}
2012-11-01 12:17:23 -------- d-----w- c:\users\alexish\appdata\local\{DFC46E13-1865-48B9-BE40-C70493584FD8}
2012-10-31 12:43:18 -------- d-----w- c:\users\alexish\appdata\local\{D1020DEA-E5D8-4360-9055-B6932F7AB7F3}
.
==================== Find3M ====================
.
2012-11-28 19:45:01 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 19:45:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-23 13:31:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-23 13:31:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-28 04:52:20 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 14:05:06.20 ===============
-
Hijack log here, you'll have to wait an hour for the scan to finish with Malwarebytes (in case there are other issues).
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:22:17 PM, on 11/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\alexish\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fedcja.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa.fcja.org:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fcja.org
O17 - HKLM\Software\..\Telephony: DomainName = fcja.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fcja.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fcja.org
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 7099 bytes
-
OTM actually froze when I clicked MOVEit, the last thing I saw on the screen was
"ALL PROCESSES KILLED"
=======REGISTRY===========
and OTM didn't respond anymore.
I forced a shutdown -r after waiting 5 minutes for it to respond; it didn't. I went into the registry and the entry was still there. If I manually DELETED it with regedit, the registry key with the spyware in it,
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe
would keep coming back every few seconds; OTM couldn't even kill the process (wow).
So, I took your idea and went differently with it. I logged in as local admin in Windows 7 Safe Mode; the spyware didn't launch (badly written I guess, lucky me). I removed the registry key myself, deleted the file from your paste, and rebooted into the user profile; it's gone.
Thank you very much for your help, and I hope this post will help someone else who googles for it. I really appreciate it!
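As an added example (not from the original posts), the kind of check a defender would run before a manual clean-up like the one described above: it lists the per-user Run entries and flags any whose executable lives under the roaming profile and carries no valid Authenticode signature, the pattern of the [Armeuz] -> AppData\Roaming\Kuivuc\obwa.exe entry. The function and variable names are assumptions of this example.

```powershell
# Added example, not from the original posts: enumerate HKCU Run entries and flag
# those whose image lives under the roaming profile and is not validly signed.
function Get-RunEntryReport {
    param(
        [string]$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$ProfileRoot = [Environment]::GetFolderPath('ApplicationData')
    )
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($name in $item.GetValueNames()) {
        $raw = [string]$item.GetValue($name)
        # Isolate the image path: quoted form first, otherwise up to the first .exe
        if ($raw -match '^"([^"]+)"') { $path = $Matches[1] }
        elseif ($raw -match '(?i)^(.+?\.exe)') { $path = $Matches[1] }
        else { $path = $raw.Trim() }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        $inRoaming = $path.StartsWith($ProfileRoot, [StringComparison]::OrdinalIgnoreCase)
        $signed = $false
        if (Test-Path -LiteralPath $path) {
            $signed = (Get-AuthenticodeSignature -LiteralPath $path).Status -eq 'Valid'
        }
        [pscustomobject]@{
            Name       = $name
            Path       = $path
            InRoaming  = $inRoaming
            Signed     = $signed
            Suspicious = $inRoaming -and -not $signed
        }
    }
}

Get-RunEntryReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in the affected user's own session, since HKCU is per-user: logged in as a different admin (as in the Safe Mode step above) you would be reading that admin's hive instead.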
-
Oh, by the way, if I hit "ANALYSE THIS" it actually blocks the internet: "No internet connection" appears in HijackThis (wow, nasty).
-
One of our users has a pretty nasty piece of spyware: the latest Symantec Endpoint Protection finds nothing, Spybot Search & Destroy finds nothing, and even Malwarebytes finds nothing. Nothing obvious in the registry, but every time she visits pages that are SSL (such as Amazon's checkout page), it pops up an EXTRA window asking for a credit card that goes to ispwell.com.
Here's the HijackThis log; hope you can help out:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:34 AM, on 11/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\alexish\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fedcja.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa.fcja.org:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Armeuz] C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fcja.org
O17 - HKLM\Software\..\Telephony: DomainName = fcja.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fcja.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fcja.org
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 6908 bytes
Malwarebytes finds zero issues, but getting a credit card pop up when I visit any secure page
in Resolved Malware Removal Logs
Will do, thanks again!