gerridawn
Forgot to say it is connecting to the internet now.
-
I am having a bit of an issue. For some reason I cannot get the monitor to come up; I keep getting "input signal out of range". I assume because I have moved it from the home monitor to my monitor at work. So I have to put it in safe mode in order to see (if I change the resolution settings they don't hold). Anyway, I have uninstalled Norton but am still getting the error that Norton Internet Security is running. I ran the scans anyway and here are the results.
-
ComboFix log

Tried to repair the network connection, still unable to connect. Also IE not responding after restart.
-
Below are the logs: FSS.txt, JRT.txt
-
I have run Malwarebytes and supposedly cleaned the system. Still unable to connect to the internet and seeing registry keys for funmoods and some others I don't recognize. See logs below: attach.txt, dds.txt