alexboy

  1. Here is the ESET log:

     C:\Install\PIC?gpj .180.exe  a variant of MSIL/Packed.Confuser.B application
     C:\Install\PIC?gpj 101.exe  a variant of MSIL/Packed.Confuser.B application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_Install-Hd-4-5-0-2_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_mspt32_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_pix478ee_exe.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe  multiple threats
     C:\Users\RKH\AppData\Local\Temp\YontooLayers\background.html  Win32/Adware.Yontoo.C application
     C:\Users\RKH\AppData\Local\Temp\_ir_sf_temp_0\flvinstaller.exe  Win32/DownloadAdmin.A.Gen application
     C:\Users\RKH\AppData\Roaming\1282840980.rek.exe  Win32/Fynloski.AA trojan
     C:\Users\RKH\Downloads\cnet2_mspt32_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\Downloads\cnet2_pix478ee_exe.exe  a variant of Win32/InstallCore.D application

     And here is the checkup log:

     Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.91
     Google Chrome 23.0.1271.95
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     ESET ESET Online Scanner OnlineCmdLineScanner.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 5%
     ````````````````````End of Log``````````````````````
  2. Everything seems fine, and the MBAM scans have been clear. I really appreciate your help with this. Thanks again.
  3. Everything seems to be working fine. Here's the next log:

     # AdwCleaner v2.104 - Logfile created 01/03/2013 at 15:52:37
     # Updated 29/12/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : RKH - RKH-HP
     # Boot Mode : Normal
     # Running from : C:\Users\RKH\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     Stopped & Deleted : DefaultTabSearch
     Stopped & Deleted : DefaultTabUpdate

     ***** [Files / Folders] *****

     File Deleted : C:\END
     File Deleted : C:\user.js
     File Deleted : C:\Users\RKH\AppData\Local\Temp\Uninstall.exe
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Program Files (x86)\DefaultTab
     Folder Deleted : C:\Program Files (x86)\OApps
     Folder Deleted : C:\Program Files (x86)\Yontoo
     Folder Deleted : C:\ProgramData\blekko toolbars
     Folder Deleted : C:\ProgramData\Tarma Installer
     Folder Deleted : C:\Users\RKH\AppData\Local\Conduit
     Folder Deleted : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Folder Deleted : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Folder Deleted : C:\Users\RKH\AppData\Local\Temp\avg@toolbar
     Folder Deleted : C:\Users\RKH\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\RKH\AppData\Roaming\DefaultTab

     ***** [Registry] *****

     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\Default Tab
     Key Deleted : HKCU\Software\DefaultTab
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Key Deleted : HKCU\Software\IGearSettings
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\Default Tab
     Key Deleted : HKLM\Software\DefaultTab
     Key Deleted : HKLM\Software\Funmoods
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
     Key Deleted : HKLM\SOFTWARE\Tarma Installer

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3247201 --> hxxp://www.google.com

     -\\ Google Chrome v23.0.1271.97

     File : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Deleted [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",
     Deleted [l.61] : keyword = "search.conduit.com",
     Deleted [l.64] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]

     *************************

     AdwCleaner[s1].txt - [10554 octets] - [03/01/2013 15:52:37]

     ########## EOF - C:\AdwCleaner[s1].txt - [10615 octets] ##########
  4. All right, that was easy enough. Here's the log:

     # AdwCleaner v2.104 - Logfile created 01/03/2013 at 12:23:22
     # Updated 29/12/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : RKH - RKH-HP
     # Boot Mode : Normal
     # Running from : C:\Users\RKH\Desktop\Downloads\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     Found : DefaultTabSearch
     Found : DefaultTabUpdate

     ***** [Files / Folders] *****

     File Found : C:\END
     File Found : C:\user.js
     File Found : C:\Users\RKH\AppData\Local\Temp\Uninstall.exe
     Folder Found : C:\Program Files (x86)\Conduit
     Folder Found : C:\Program Files (x86)\DefaultTab
     Folder Found : C:\Program Files (x86)\OApps
     Folder Found : C:\Program Files (x86)\Yontoo
     Folder Found : C:\ProgramData\blekko toolbars
     Folder Found : C:\ProgramData\Tarma Installer
     Folder Found : C:\Users\RKH\AppData\Local\Conduit
     Folder Found : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Folder Found : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Folder Found : C:\Users\RKH\AppData\Local\Temp\avg@toolbar
     Folder Found : C:\Users\RKH\AppData\LocalLow\Conduit
     Folder Found : C:\Users\RKH\AppData\Roaming\DefaultTab

     ***** [Registry] *****

     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
     Key Found : HKCU\Software\AppDataLow\Software\SmartBar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Default Tab
     Key Found : HKCU\Software\DefaultTab
     Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Key Found : HKCU\Software\IGearSettings
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
     Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
     Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
     Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\Default Tab
     Key Found : HKLM\Software\DefaultTab
     Key Found : HKLM\Software\Funmoods
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
     Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
     Key Found : HKLM\SOFTWARE\Tarma Installer
     Key Found : HKU\S-1-5-21-2664858250-3110154397-3451573822-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKU\S-1-5-21-2664858250-3110154397-3451573822-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKU\S-1-5-21-2664858250-3110154397-3451573822-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3247201

     -\\ Google Chrome v23.0.1271.97

     File : C:\Users\RKH\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Found [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",
     Found [l.61] : keyword = "search.conduit.com",
     Found [l.64] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201",

     *************************

     AdwCleaner[R1].txt - [10731 octets] - [03/01/2013 12:23:22]

     ########## EOF - C:\AdwCleaner[R1].txt - [10792 octets] ##########
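The two AdwCleaner logs above show the same browser hijack from the search and the delete side: three Conduit entries (`icon_url`, `keyword`, `search_url`) in the Chrome `Preferences` file, a Conduit IE start page, and three Chrome extension IDs that were removed. The Python script below is an added example, not AdwCleaner's code and nothing the poster ran: given a Chrome `Preferences` JSON document, it reports every search-related key whose host is not on an allowlist and lists every extension ID that appears as a key anywhere in the file, so the IDs can be compared with the ones AdwCleaner removed. The sample Preferences document is constructed for the example from the values in the log, with the defanged `hxxp` restored to `http`. The nesting under `default_search_provider` and `extensions.settings` is an assumption about the Chrome 23-era layout, which is why the checker walks the whole tree instead of addressing fixed paths, and `ALLOWED_SEARCH_HOSTS` is an assumed policy list, not something the page states.

```python
import json
import re
from urllib.parse import urlparse

# Hosts the browser's search settings are allowed to point at. Assumed policy
# for this example; adjust for the environment being checked.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
# Preference keys that select the search provider or start page. The first
# three are the keys AdwCleaner reported from the Preferences file above.
SEARCH_KEYS = {"icon_url", "keyword", "search_url", "suggest_url", "homepage"}
# Chrome extension IDs are 32 characters drawn from the letters a..p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
# The extension IDs AdwCleaner removed in the logs above, used as a watchlist.
REMOVED_BY_ADWCLEANER = {
    "fgkbmedckhcibhkdhaokebnllokeokek",
    "kdidombaedgpfiiedeimiebkmbilgmlc",
    "niapdbllcanepiiimjjndipklodoedlc",
}

# Constructed sample Preferences document. The values are the ones AdwCleaner
# reported (hxxp restored to http); the nesting is an assumption about the
# Chrome 23-era layout and nothing below depends on it.
SAMPLE_PREFERENCES = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "icon_url": "http://search.conduit.com/fav.ico",
        "keyword": "search.conduit.com",
        "name": "Search",
        "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201",
    },
    "homepage": "http://www.google.com/",
    "extensions": {"settings": {"fgkbmedckhcibhkdhaokebnllokeokek": {"state": 1}}},
})


def walk(node, path=()):
    """Yield (key_path, value) for every scalar in a nested JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node


def host_of(value):
    """Return the host named by a URL or a bare hostname string; None for anything else."""
    if not isinstance(value, str) or not value:
        return None
    return urlparse(value if "://" in value else "http://" + value).hostname


def find_search_hijacks(preferences_json, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return [(dotted key path, value, host)] for search settings that point off the allowlist."""
    findings = []
    for path, value in walk(json.loads(preferences_json)):
        if not path or path[-1] not in SEARCH_KEYS:
            continue
        host = host_of(value)
        if host and host not in allowed_hosts:
            findings.append((".".join(path), value, host))
    return findings


def find_extension_ids(preferences_json):
    """Return every Chrome extension ID used as a key anywhere in the Preferences tree."""
    ids = set()
    for path, _ in walk(json.loads(preferences_json)):
        ids.update(part for part in path if EXT_ID_RE.match(part))
    return ids


if __name__ == "__main__":
    for key_path, value, host in find_search_hijacks(SAMPLE_PREFERENCES):
        print(f"{key_path}: {value!r} -> {host}")
    print("watchlisted extensions:", find_extension_ids(SAMPLE_PREFERENCES) & REMOVED_BY_ADWCLEANER)
```

Walking the whole tree rather than fixed paths keeps the check useful across Chrome versions that moved these keys; the cost is that unrelated keys with the same names would also be reported, which is acceptable for a triage pass that a person reviews.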
  5. OK, I ran the scan and it came up with 24 items. MBAM still shows clear, by the way. I think this is the log you asked for:

     C:\Install\PIC?gpj .180.exe  a variant of MSIL/Packed.Confuser.B application
     C:\Install\PIC?gpj 101.exe  a variant of MSIL/Packed.Confuser.B application
     C:\Program Files (x86)\Yontoo\YontooIEClient.dll  a variant of Win32/Adware.Yontoo.A application
     C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application
     C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application
     C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application
     C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_Install-Hd-4-5-0-2_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_mspt32_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\ICReinstall\cnet2_pix478ee_exe.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe  multiple threats
     C:\Users\RKH\AppData\Local\Temp\YontooLayers\background.html  Win32/Adware.Yontoo.C application
     C:\Users\RKH\AppData\Local\Temp\_ir_sf_temp_0\flvinstaller.exe  Win32/DownloadAdmin.A.Gen application
     C:\Users\RKH\Downloads\cnet2_mspt32_zip.exe  a variant of Win32/InstallCore.D application
     C:\Users\RKH\Downloads\cnet2_pix478ee_exe.exe  a variant of Win32/InstallCore.D application
     J:\RKH-HP\Backup Set 2012-07-22 152025\Backup Files 2012-07-22 152025\Backup files 4.zip  a variant of Win32/InstallCore.D application
     J:\RKH-HP\Backup Set 2012-07-22 152025\Backup Files 2012-08-12 144014\Backup files 2.zip  Win32/Toolbar.SearchSuite application
     K:\$RECYCLE.BIN\S-1-5-21-2664858250-3110154397-3451573822-1000\$R6H5MFO\Backup Set 2012-08-19 090012\Backup Files 2012-08-19 090012\Backup files 5.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-08-26 152730\Backup Files 2012-08-26 152730\Backup files 5.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-09-09 170003\Backup Files 2012-09-09 170003\Backup files 5.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-09-30 074335\Backup Files 2012-09-30 074335\Backup files 5.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-10-21 084540\Backup Files 2012-10-21 084540\Backup files 6.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-11-18 080100\Backup Files 2012-11-18 080100\Backup files 6.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-12-16 083625\Backup Files 2012-12-16 083625\Backup files 1.zip  a variant of Win32/Fynloski.AA trojan
     K:\RKH-HP\Backup Set 2012-12-16 083625\Backup Files 2012-12-16 083625\Backup files 7.zip  a variant of Win32/InstallCore.D application
     K:\RKH-HP\Backup Set 2012-12-16 083625\Backup Files 2012-12-24 092626\Backup files 1.zip  a variant of Win32/Fynloski.AA trojan
     Operating memory  a variant of Win32/Adware.Yontoo.A application
  6. Just wanted to update you on my status. I was considering re-installing Windows 7 (since I still can't get ComboFix to work), but I continued to update and run daily MBAM scans. A few days ago the scan came back clean, and it's been good since, so I'm assuming that one of the updates must have resolved this infection. Your thoughts? I understand the computer may still have been compromised, but at this point I think I'll just let it ride and keep an eye on my online banking accounts. Here's the latest result of the MBAM scan:

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.01.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     RKH :: RKH-HP [administrator]

     1/1/2013 11:01:17 AM
     mbam-log-2013-01-01 (11-01-17).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 225447
     Time elapsed: 4 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  7. OK, nothing seems to be working. I guess I'll proceed with trying to reinstall Windows instead. I'll let you know if that works.
  8. Thanks again. Ugh, not what I was hoping to hear, but I appreciate the heads up. I would like to proceed with trying to remove the trojan (I have great confidence in my bank informing me of anything that is unusual), but I was unable to use ComboFix. I got a message saying incompatible OS (only XP and 2000). I'm using Windows 7, and the page said it would work with this OS, but I still get the message after running it. I'm probably doing something stupid, and I'm hoping you can tell me what it is.
  9. Hey, thanks for your help. Here are the logs you requested, starting with the MBAM log: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.20.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 RKH :: RKH-HP [administrator] 12/20/2012 9:37:39 AM mbam-log-2012-12-20 (09-40-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 225365 Time elapsed: 2 minute(s), 46 second(s) Memory Processes Detected: 1 C:\Users\RKH\Documents\MSDCSC\msdcsc.exe (Backdoor.Agent.DCRSAGen) -> 3504 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken. Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MicroUpdate (Backdoor.Agent.DCRSAGen) -> Data: C:\Users\RKH\Documents\MSDCSC\msdcsc.exe -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Calculator (Backdoor.Agent.DCRSAGen) -> Data: C:\Users\RKH\AppData\Local\Temp\\Smart.exe -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\RKH\AppData\Roaming\dclogs (Stolen.Data) -> No action taken. Files Detected: 4 C:\Users\RKH\Documents\MSDCSC\msdcsc.exe (Backdoor.Agent.DCRSAGen) -> No action taken. C:\Users\RKH\AppData\Local\Temp\Smart.exe (Backdoor.Agent.DCRSAGen) -> No action taken. C:\Users\RKH\My Documents\MSDCSC\msdcsc.exe (Trojan.Agent) -> No action taken. C:\Users\RKH\AppData\Roaming\dclogs\2012-12-20-5.dc (Stolen.Data) -> No action taken. (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 Run by RKH at 22:17:23 on 2012-12-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.5950 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . 
  10. When performing a quick scan with the free version of Malwarebytes, I continually get 9 or 10 infections, which are then successfully removed by the program. However, upon restart they show up again right away, before I have even accessed a program. I have attached the required files. Any help would be greatly appreciated. I should note that these infections do not seem to have any adverse effects on my system as far as I can determine, I would just prefer to get rid of them just to be safe. Thank you for your consideration.
dds.txt
attach.txt
  11. Here's the DDS text:
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 21:15:21.51 on Mon 04/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1252 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  12. Sorry for the delay. I ran ESET and it found and cleaned 7 infections, but I accidentally deleted it before obtaining the log results. So I ran it again and everything was clean. Here's the log: Thanks again for all your help with this.
  13. That seems to have done the trick. Thankfully a relatively mild infection as these things go. I really appreciate your assistance. Here's the MBAM log, and I'll wait to hear back from you before enabling my anti-virus software and uninstalling Combofix (if necessary).
  14. FYI, I'm no longer getting any pop-ups, and the only sign of an infection I notice is that MBAM still doesn't open. The error code when I try to run it has changed to 714(0,9). Here's the requested text: