Jump to content

mcjjandl

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mcjjandl
    Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 29 Java 7 Update 9 Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox 13.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  2. mcjjandl
    Here is the log from adwcleaner: (Downloading Security Check by screen317 now) # AdwCleaner v2.101 - Logfile created 12/18/2012 at 14:38:41 # Updated 16/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : ourlaptop - OURLAPTOP-LAPTP # Boot Mode : Normal # Running from : C:\Users\ourlaptop\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\ourlaptop\AppData\Roaming\OpenCandy ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (en-US) Profile name : default File : C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s1].txt - [776 octets] - [18/12/2012 14:38:41] ########## EOF - C:\AdwCleaner[s1].txt - [835 octets] ##########
  3. mcjjandl
    OK, Terminated OTM with the task manager. Had to reboot computer to rerun OTM. Here is the log: All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\ourlaptop\Desktop\cmd.bat deleted successfully. C:\Users\ourlaptop\Desktop\cmd.txt deleted successfully. File/Folder C:\Users\ourlaptop\AppData\Local\{CB8E17A1-8D7C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul not found. File/Folder C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\user.js not found. File/Folder :Commands not found. File/Folder [EmptyTemp] not found. OTM by OldTimer - Version 3.1.21.0 log created on 12182012_142033 About to download and run Xplode. thanks again for your help, M
  4. mcjjandl
    Downloaded and ran OTM. Pasted text into box and clicked move it. OTM is not responding. Has been locked now for over an hour? Results side says: Cmd.txt deleted then 2 more files something (can't see because I can't scroll the window) Do I terminate OTM?
  5. mcjjandl
    Kevin thanks again for your continued help. Here's the combo fix log followed by the eset scan threats. ComboFix 12-12-12.01 - ourlaptop 12/17/2012 17:20:28.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1331 [GMT -5:00] Running from: c:\users\ourlaptop\Desktop\ComboFix.exe Command switches used :: c:\users\ourlaptop\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ourlaptop\AppData\Roaming\Etot c:\users\ourlaptop\AppData\Roaming\Etot\odwux.goa c:\users\ourlaptop\AppData\Roaming\Olrew c:\users\ourlaptop\AppData\Roaming\Olrew\eryn.sup c:\users\ourlaptop\AppData\Roaming\Posea c:\users\ourlaptop\AppData\Roaming\Posea\owobq.noa c:\users\ourlaptop\AppData\Roaming\Uduvo c:\users\ourlaptop\AppData\Roaming\Yvboez c:\users\ourlaptop\AppData\Roaming\Yzvywo . . ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 ))))))))))))))))))))))))))))))) . . 2012-12-17 22:29 . 2012-12-17 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-17 22:29 . 2012-12-17 22:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-12-05 02:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-05 02:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-05 02:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-05 02:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-05 02:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-05 02:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-05 02:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-05 02:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-05 02:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-05 02:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-05 02:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-05 02:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-12-05 02:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-12-05 02:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-05 02:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-05 02:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-12-05 02:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-12-04 21:15 . 2012-12-04 21:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-04 21:14 . 2012-12-04 21:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-04 21:14 . 2012-12-04 21:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-04 21:06 . 2012-12-04 21:06 -------- d-----w- c:\programdata\McAfee 2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\FFSJ 2012-12-03 18:26 . 2012-12-03 18:26 -------- d-----w- c:\windows\SysWow64\FFSJ 2012-12-03 18:26 . 2012-12-03 18:26 794906 ----a-w- c:\windows\unins000.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-04 21:14 . 2011-09-11 14:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-30 02:04 . 2011-07-05 17:31 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-12-05 02:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-05 02:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-05 02:10 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-05-21 16:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-11 19:34 . 2012-10-02 08:21 201728 ----a-w- c:\program files (x86)\hjsplit.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] "Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2012-08-29 93856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\ourlaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-09-07 100864] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2007-09-06 18944] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 113536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] . . Contents of the 'Scheduled Tasks' folder . 2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000Core.job - c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25] . 2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000UA.job - c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.facebook.com/?ref=hp mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-17 17:40:26 ComboFix-quarantined-files.txt 2012-12-17 22:40 ComboFix2.txt 2012-12-13 13:47 . Pre-Run: 173,665,386,496 bytes free Post-Run: 173,244,776,448 bytes free . - - End Of File - - C7269012E7D5E8B5F9B4462429B010F0 ESET SCAN: C:\Users\ourlaptop\AppData\Local\{CB8E17A1-8D7C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\user.js JS/SecurityDisabler.A.Gen application
  6. mcjjandl
    Sorry Kevinf80, I webt out of town after my last post. I had not touched the computer till this morning and have just run Combofix. I absolutely appreciate the help. Here is the log. ComboFix 12-12-12.01 - ourlaptop 12/13/2012 8:24.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1489 [GMT -5:00] Running from: c:\users\ourlaptop\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\205E3300sm.pad c:\programdata\83DB5600sm.pad c:\programdata\B0E60FD1sm.pad c:\programdata\FFE9ED81sm.pad c:\programdata\msconfig c:\users\ourlaptop\AppData\Roaming\Agfiec c:\users\ourlaptop\AppData\Roaming\Agfiec\tiil.fuu c:\users\ourlaptop\AppData\Roaming\Diraoh c:\users\ourlaptop\AppData\Roaming\Diraoh\ysnod.tet c:\users\ourlaptop\AppData\Roaming\Vuha c:\users\ourlaptop\AppData\Roaming\Vuha\vife.ylb c:\users\ourlaptop\AppData\Roaming\Xaqoy c:\users\ourlaptop\AppData\Roaming\Xaqoy\opyri.oza c:\users\ourlaptop\AppData\Roaming\Yxmi c:\users\ourlaptop\AppData\Roaming\Yxmi\ylgos.yww . . ((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 ))))))))))))))))))))))))))))))) . . 2012-12-13 13:35 . 2012-12-13 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-05 02:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-05 02:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-05 02:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-05 02:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-05 02:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-05 02:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-05 02:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-05 02:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-05 02:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-05 02:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-05 02:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-05 02:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-12-05 02:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-12-05 02:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-05 02:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-05 02:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-12-05 02:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-12-04 21:15 . 2012-12-04 21:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-04 21:14 . 2012-12-04 21:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-04 21:14 . 2012-12-04 21:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-04 21:06 . 2012-12-04 21:06 -------- d-----w- c:\programdata\McAfee 2012-12-03 22:00 . 2012-12-03 22:06 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Uduvo 2012-12-03 22:00 . 2012-12-03 22:00 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Etot 2012-12-03 21:11 . 2012-12-03 21:24 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Yvboez 2012-12-03 21:11 . 2012-12-03 21:11 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Olrew 2012-12-03 19:15 . 2012-12-03 19:21 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Yzvywo 2012-12-03 19:15 . 2012-12-03 19:15 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\Posea 2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\FFSJ 2012-12-03 18:26 . 2012-12-03 18:26 -------- d-----w- c:\windows\SysWow64\FFSJ 2012-12-03 18:26 . 2012-12-03 18:26 794906 ----a-w- c:\windows\unins000.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-04 21:14 . 2011-09-11 14:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-30 02:04 . 2011-07-05 17:31 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-12-05 02:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-05 02:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-05 02:10 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-09-30 00:54 . 2012-05-21 16:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-11 19:34 . 2012-10-02 08:21 201728 ----a-w- c:\program files (x86)\hjsplit.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] "Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2012-08-29 93856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\ourlaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-09-07 100864] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2007-09-06 18944] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 113536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] . . Contents of the 'Scheduled Tasks' folder . 2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000Core.job - c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25] . 2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000UA.job - c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.facebook.com/?ref=hp mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-13 08:47:42 ComboFix-quarantined-files.txt 2012-12-13 13:47 . Pre-Run: 171,720,585,216 bytes free Post-Run: 173,725,749,248 bytes free . - - End Of File - - 1CCD2D77DD16EC775DDE9997A48D78AF
  7. mcjjandl
    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/5/2011 1:24:42 PM System Uptime: 12/7/2012 3:35:57 AM (14 hours ago) . Motherboard: eMachines | | eMachines E725 Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | uPGA-478 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 221 GiB total, 160.18 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP149: 12/5/2012 1:55:47 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Active@ Boot Disk Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 AnyDVD Apple Application Support Apple Mobile Device Support AVG 2012 Big Fish Games: Game Manager DVDFab 8.2.1.8 (09/11/2012) Qt Facebook Video Calling 1.2.0.287 File Splitter and Joiner (FFSJ v3.3) Free Download Manager 3.8 Freemake Video Converter version 3.1.2 GCstar 1.6.1 GIMP 2.6.12 Haunted Hotel: Lonely Dream HP Officejet 6500 E710n-z Basic Device Software HP Officejet 6500 E710n-z Help HP Officejet 6700 Basic Device Software HP Update I.R.I.S. OCR Java 7 Update 9 Java Auto Updater Java 6 Update 29 LEGO Universe Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.52 OpenOffice.org 3.3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sprint Mobile Broadband (Novatel Wireless) - Lite swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VideoReDo TVSuite Version 4.20.7.635 Visual Studio 2008 x64 Redistributables VLC media player 1.1.10 WinRAR 4.11 (32-bit) Wizard101 . ==== Event Viewer Messages From Past Week ======== . 12/6/2012 3:55:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:55:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/6/2012 3:55:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/6/2012 3:55:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12/6/2012 3:55:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12/6/2012 3:55:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/6/2012 3:55:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/6/2012 3:54:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:54:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/6/2012 3:54:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2012 3:54:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2012 3:54:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 12/6/2012 3:54:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/5/2012 8:57:02 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 12/3/2012 5:57:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/3/2012 5:55:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 12/3/2012 5:55:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ElbyCDIO spldr Wanarpv6 12/3/2012 5:19:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect. 12/3/2012 5:19:04 PM, Error: Service Control Manager [7000] - The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by ourlaptop at 17:40:17 on 2012-12-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.2144 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\Free Download Manager\fdm.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.facebook.com/?ref=hp uWindows: Load = C:\Users\OURLAP~1\LOCALS~1\Temp\msaxuiyes.exe mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Facebook Update] "C:\Users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2211H2S005RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1 uRun: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun uRun: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\OURLAP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{5835ADC2-4B37-4C7F-A2B1-35D857B41EA2} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{DEC6279F-3AED-4765-BE08-E420E974F87C} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{DEC6279F-3AED-4765-BE08-E420E974F87C}\65562796A7F6E602D494649443531303C4023323640302355636572756 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DEC6279F-3AED-4765-BE08-E420E974F87C}\77F6A7A7 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{DEC6279F-3AED-4765-BE08-E420E974F87C}\C696E6B6379737 : DHCPNameServer = 208.28.34.12 208.28.34.13 TCP: Interfaces\{DEC6279F-3AED-4765-BE08-E420E974F87C}\D6867313C656F6 : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Users\ourlaptop\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-10-11 11:34; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - ExtSQL: 2012-10-12 10:28; fmconverter@gmail.com; C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-10-12 100864] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-8-12 517632] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2007-9-6 18944] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2007-10-12 113536] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2012-12-05 02:24:45 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-12-05 02:24:45 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-12-05 02:24:45 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-12-05 02:24:45 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-12-05 02:13:22 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-12-05 02:13:22 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-12-05 02:13:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-12-05 02:13:22 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-12-05 02:13:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-12-05 02:13:22 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-12-05 02:13:22 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-12-05 02:09:12 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-12-05 02:09:12 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-12-05 02:09:11 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-12-05 02:09:11 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-12-05 02:09:11 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-12-05 02:09:11 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-12-04 21:14:53 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-12-04 21:14:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-03 22:00:39 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Yxmi 2012-12-03 22:00:39 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Uduvo 2012-12-03 22:00:39 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Etot 2012-12-03 21:11:14 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Yvboez 2012-12-03 21:11:14 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Olrew 2012-12-03 21:11:14 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Diraoh 2012-12-03 19:15:11 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Yzvywo 2012-12-03 19:15:11 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Xaqoy 2012-12-03 19:15:11 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\Posea 2012-12-03 18:30:57 -------- d-----w- C:\Users\ourlaptop\AppData\Roaming\FFSJ 2012-12-03 18:26:19 794906 ----a-w- C:\Windows\unins000.exe 2012-12-03 18:26:19 -------- d-----w- C:\Windows\SysWow64\FFSJ 2012-12-02 19:38:31 -------- d-sh--w- C:\ProgramData\msconfig 2012-11-13 01:13:24 -------- d-----w- C:\ProgramData\vsosdk . ==================== Find3M ==================== . 2012-12-04 21:14:17 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2010-11-11 19:34:12 201728 ----a-w- C:\Program Files (x86)\hjsplit.exe . ============= FINISH: 17:44:25.83 ===============
  8. mcjjandl
    Do I run the scans in safe mode or normal? thanks, M
  9. mcjjandl
    Had FBI ransom virus. Seems to have been removed successfully but Malwarebytes reports the PUM.UserWLoad virus "Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\OURLAP~1\LOCALS~1\Temp\msaxuiyes.exe -> Delete on reboot." Have run scan and rebooted several times same results registry not deleted. Have run the scan(Malwarebytes and AVG) in normal and safemode with the reboot same results. AVG does not detect any problems. Windows 7 home premium 64bit Help with removal will be greatly appreciated. M
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.