mcjjandl

December 18, 2012

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 29

Java 7 Update 9

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 13.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

December 18, 2012

Here is the log from adwcleaner: (Downloading Security Check by screen317 now)

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 14:38:41

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : ourlaptop - OURLAPTOP-LAPTP

# Boot Mode : Normal

# Running from : C:\Users\ourlaptop\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\ourlaptop\AppData\Roaming\OpenCandy

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [776 octets] - [18/12/2012 14:38:41]

########## EOF - C:\AdwCleaner[s1].txt - [835 octets] ##########

December 18, 2012

OK,

Terminated OTM with the task manager.

Had to reboot computer to rerun OTM.

Here is the log:

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\ourlaptop\Desktop\cmd.bat deleted successfully.

C:\Users\ourlaptop\Desktop\cmd.txt deleted successfully.

File/Folder C:\Users\ourlaptop\AppData\Local\{CB8E17A1-8D7C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul not found.

File/Folder C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\user.js not found.

File/Folder :Commands not found.

File/Folder [EmptyTemp] not found.

OTM by OldTimer - Version 3.1.21.0 log created on 12182012_142033

About to download and run Xplode.

thanks again for your help,

M

December 18, 2012

Downloaded and ran OTM.

Pasted text into box and clicked move it.

OTM is not responding.

Has been locked now for over an hour?

Results side says:

Cmd.txt deleted

then 2 more files something (can't see because I can't scroll the window)

Do I terminate OTM?

December 18, 2012

Kevin thanks again for your continued help.

Here's the combo fix log followed by the eset scan threats.

ComboFix 12-12-12.01 - ourlaptop 12/17/2012 17:20:28.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1331 [GMT -5:00]

Running from: c:\users\ourlaptop\Desktop\ComboFix.exe

Command switches used :: c:\users\ourlaptop\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\ourlaptop\AppData\Roaming\Etot

c:\users\ourlaptop\AppData\Roaming\Etot\odwux.goa

c:\users\ourlaptop\AppData\Roaming\Olrew

c:\users\ourlaptop\AppData\Roaming\Olrew\eryn.sup

c:\users\ourlaptop\AppData\Roaming\Posea

c:\users\ourlaptop\AppData\Roaming\Posea\owobq.noa

c:\users\ourlaptop\AppData\Roaming\Uduvo

c:\users\ourlaptop\AppData\Roaming\Yvboez

c:\users\ourlaptop\AppData\Roaming\Yzvywo

.

((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))

.

2012-12-17 22:29 . 2012-12-17 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-17 22:29 . 2012-12-17 22:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-05 02:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-05 02:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-05 02:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-05 02:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-05 02:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-05 02:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-05 02:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-05 02:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-05 02:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-05 02:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-05 02:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-05 02:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-12-05 02:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-12-05 02:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-05 02:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-05 02:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-12-05 02:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-12-04 21:15 . 2012-12-04 21:15 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-04 21:14 . 2012-12-04 21:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-04 21:14 . 2012-12-04 21:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-04 21:06 . 2012-12-04 21:06 -------- d-----w- c:\programdata\McAfee

2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\users\ourlaptop\AppData\Roaming\FFSJ

2012-12-03 18:26 . 2012-12-03 18:26 -------- d-----w- c:\windows\SysWow64\FFSJ

2012-12-03 18:26 . 2012-12-03 18:26 794906 ----a-w- c:\windows\unins000.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-04 21:14 . 2011-09-11 14:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-30 02:04 . 2011-07-05 17:31 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-12-05 02:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-05 02:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-05 02:10 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-30 00:54 . 2012-05-21 16:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-11 19:34 . 2012-10-02 08:21 201728 ----a-w- c:\program files (x86)\hjsplit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]

"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096]

"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2012-08-29 93856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\ourlaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-09-07 100864]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2007-09-06 18944]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 113536]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000Core.job

- c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25]

.

2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2689149421-1688756619-1309720667-1000UA.job

- c:\users\ourlaptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:25]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.facebook.com/?ref=hp

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-17 17:40:26

ComboFix-quarantined-files.txt 2012-12-17 22:40

ComboFix2.txt 2012-12-13 13:47

.

Pre-Run: 173,665,386,496 bytes free

Post-Run: 173,244,776,448 bytes free

.

- - End Of File - - C7269012E7D5E8B5F9B4462429B010F0

ESET SCAN:

C:\Users\ourlaptop\AppData\Local\{CB8E17A1-8D7C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan

C:\Users\ourlaptop\AppData\Roaming\Mozilla\Firefox\Profiles\ixvqb6j2.default\user.js JS/SecurityDisabler.A.Gen application

December 13, 2012

Sorry Kevinf80, I webt out of town after my last post. I had not touched the computer till this morning and have just run Combofix.

I absolutely appreciate the help. Here is the log.

ComboFix 12-12-12.01 - ourlaptop 12/13/2012 8:24.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1489 [GMT -5:00]

Running from: c:\users\ourlaptop\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\205E3300sm.pad

c:\programdata\83DB5600sm.pad

c:\programdata\B0E60FD1sm.pad

c:\programdata\FFE9ED81sm.pad

c:\programdata\msconfig

c:\users\ourlaptop\AppData\Roaming\Agfiec

c:\users\ourlaptop\AppData\Roaming\Agfiec\tiil.fuu

c:\users\ourlaptop\AppData\Roaming\Diraoh

c:\users\ourlaptop\AppData\Roaming\Diraoh\ysnod.tet

c:\users\ourlaptop\AppData\Roaming\Vuha

c:\users\ourlaptop\AppData\Roaming\Vuha\vife.ylb

c:\users\ourlaptop\AppData\Roaming\Xaqoy

c:\users\ourlaptop\AppData\Roaming\Xaqoy\opyri.oza

c:\users\ourlaptop\AppData\Roaming\Yxmi

c:\users\ourlaptop\AppData\Roaming\Yxmi\ylgos.yww

.

((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))

.

2012-12-13 13:35 . 2012-12-13 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp