ShawnSchirmer
Members. Posts: 24. Reputation: 0 Neutral
  1. I would also like to make a donation at this time. Is it safe to do so with a debit card, given the virus(es) currently on my computer?
  2. Thanks, Gringo. I am reading through your instructions and doing my best to understand them. As soon as I do and can execute them I will post what you ask for. Shawn.
  3. By the way, the Chrome History I was able to save exceeded four thousand pages. For what it's worth, everything else about my computer was functioning well. It wasn't until I got home earlier today and began closing out websites I had visited in Chrome towards uninstalling Chrome that Chitka and the Advertise popup reappeared. It occurred to me to check Internet Explorer and the Advertise popup also reappeared as soon as I opened IE.
  4. Believe it or not, I just got out of the hospital earlier today. I appreciate that you are still here and I will go through the steps you posted tomorrow, and will follow through with everything we need to do. Unfortunately, the Chitka virus and the Advertise popup that started this whole thing are back. Should I resume by going back to the first instructions you gave me and work through the thread again until I get to this point? I will wait for your next instructions. Thank you, Shawn
  5. I will read through those two links then work through the instructions in your post number 25. Thank you, Shawn
  6. Gringo, thank you for your patience. You had mentioned that I should note other issues with my computer as this process unfolded. Fwiw, I can access Google's search engine and Google Maps through ixquick.com, among other sites. On the other hand, I'm now having problems opening .wps documents I created and am working on. I've never had an issue with that, and I just tried to open a 30 page document I wrote last week. It had plenty of illustrations and was around 8MB in size. Word would not open it so I tried opening it in WordPad. WordPad did open the document, but in so doing turned it into a 4KB document containing four lines of text. I had backed up the document a week before so 'only' lost 1MB of data. I loaded from my saved copy and was able to work and save several times, but it just happened again with the same document and at least one other .wps document. Before I proceed, could this difficulty with self-created .wps documents be related to any of the viruses I've had, or any of the programs we've run? Also, I have hundreds of land searches in my Chrome History. Is it at all possible to save that somewhere? If not is my only option to reopen the pages one at a time from History, then save those as Bookmarks? (I can copy and paste from History but it's not a pleasant way to keep track of sites, and if I'm having a problem opening large .wps documents, I shudder to think of what might happen with a .wps file containing hundreds of links/web addresses). Shawn
  7. Shawn is extremely ill but will execute the above instructions as soon as he is able. Thank you.
  8. Okay, I went ahead and followed the instructions in your post 21. After restarting IE, it still will not allow searches using Google. I cannot search with Google in Chrome, either. Everything else seems to be running smoothly.
  9. I refreshed several times in the last two hours but your latest post did not appear until after I posted number 22. I see you posted number 21 over two hours ago, but it only just now appeared. In light of my previous post, 22, shall I go ahead and execute the instructions in your post 21, or is there something else I should do?
  10. Uh-oh. Even though my browser issues seem resolved with the exception of not being able to use Google in three browsers, I'm now having unprecedented problems opening .wps files. I just permanently lost an 8MB file detailing a building I'm designing. Works wasn't opening it (I've never had that problem before) so I tried opening it in WordPad just to see if that worked, and my 8MB file turned into a 4KB file. Only a recent backup saved most of forty hours' work. Other essential Word files are now impossible to open. I don't know if any of the programs we ran contributed to or caused this. Is there any way to pinpoint the source of the problem without destroying data? Thanks, Shawn
  11. I just opened my Opera browser for the first time in months and also got the Forbidden 403 window, though everything else about Opera seemed okay.
  12. Okay--I just opened my Firefox browser, something I very rarely use. It gets to www.google.com just fine, and searches work fine too.
  13. I do not know why code is appearing along with the ComboFix Log text. It does not appear in the log itself.
  14. Sorry, Gringo. My post was truncated for some reason. Below is the ComboFix log. I still can't access www.google.com from IE or Chrome. Everything else seems fine.
      ComboFix 13-04-29.01 - newjohndoe 05/01/2013 4:59.2.4 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.1378 [GMT -4:00]
---------------------</div> <div>.</div> <div>- - - - - - - > 'winlogon.exe'(836)</div> <div>c:\windows\system32\Ati2evxx.dll</div> <div>c:\windows\system32\atiadlxx.dll</div> <div>.</div> <div>- - - - - - - > 'explorer.exe'(8128)</div> <div>c:\windows\system32\WININET.dll</div> <div>c:\windows\system32\ieframe.dll</div> <div>c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</div> <div>c:\windows\system32\webcheck.dll</div> <div>c:\windows\system32\WPDShServiceObj.dll</div> <div>c:\windows\system32\PortableDeviceTypes.dll</div> <div>c:\windows\system32\PortableDeviceApi.dll</div> <div>.</div> <div>Completion time: 2013-05-01 05:03:53</div> <div>ComboFix-quarantined-files.txt 2013-05-01 09:03</div> <div>ComboFix2.txt 2013-04-29 10:52</div> <div>.</div> <div>Pre-Run: 1,392,050,176 bytes free</div> <div>Post-Run: 1,393,979,392 bytes free</div> <div>.</div> <div>- - End Of File - - 64E01921395094C97B40E53E3A009A88</div> <div> </div>