Laptop Infected Ping.exe


joeym1
Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Here are the two logs. While the OTL scan was running, Malwarebytes found cloudav2012 and quarantined it.

Thanks for the help

OTL.Txt

Extras.Txt

OK, please disable Spybot's TeaTimer as explained in the link below:

http://www.malwarehelp.org/how-to-enabledisable-spybot-teatimer.html

-------------------------------------------

Next:

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:


rem Delete every At*.job file in the Tasks folder (/a = any attributes, /f = force read-only files, /q = no confirmation prompt)
del /a/f/q "C:\WINDOWS\Tasks\At*.job"

Save this as delete.bat, choose Save as type: All Files, then close the Notepad file.

It should look like this: [screenshot: bat.JPG]

Double-click on delete.bat and allow it to run. Please delete the file afterwards.

-------------------------------------------

Next:

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/12/01 17:40:34 | 000,379,904 | ---- | M] () -- C:\Users\Bonnie\AppData\Local\Temp\libsqlitejdbc-1494630364938104163.lib
    MOD - [2011/12/01 17:40:28 | 000,199,168 | ---- | M] () -- C:\Users\Bonnie\AppData\Local\Temp\WindowsAPI.dll6899994918226167579.lib
    [2011/11/26 16:19:35 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\DSS22ibbF3p
    [2011/11/26 16:19:35 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\aGGG5aaQH6dW7fL
    [2011/11/26 16:19:32 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\PbbbD33onG4aH6W
    [2011/11/26 16:19:31 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\ZsssWKK7fEL9
    [2011/11/26 16:19:31 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\dVVrrzONNtA0
    [2011/11/26 16:19:27 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\VUUUVrrlOBtx0yS
    [2011/11/26 16:18:11 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\lF3pmG5aQ
    [2011/11/26 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\GUVelIBtzNc1v
    [2011/11/26 16:18:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\wwkUVelOBz0c1v2
    [2011/11/26 16:18:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\UUVelOBtz0c1v2n
    [2011/11/26 16:18:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\bnF4pmH5sJdKR9
    [2011/11/26 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\oEEEL99gTZqjCwI
    [2011/11/26 16:14:37 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\OobbFF3pmG5aQ6W
    [2011/11/26 16:14:36 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\NrrzzPNyyx1uv2
    [2011/11/26 16:14:36 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\ARRZZ9hhTXwUClI
    [2011/11/25 23:51:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\XivD2onF4m5Q7E8
    [2011/11/25 23:51:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\CVelOBtzPyA
    [2011/11/25 23:51:04 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\g1ibD3onGaH
    [2011/11/25 23:47:18 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\UhhTTXqjjUekIrO
    [2011/11/25 23:47:18 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\syyyxxA0uvS
    [2011/11/25 23:33:55 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\OcA1uvD2oFpGsJd
    [2011/11/25 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\jkkIIVrrzO
    [2011/11/25 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\btttxAA0ucS2bD
    [2011/11/25 09:03:29 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\YtttzzPNycA1v
    [2011/11/25 09:03:29 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\wgggRZZ9hYXwUVl
    [2011/11/25 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\tCCCekkIBrzNy
    [2011/11/25 09:03:25 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\X444pmmG5sQJdE8
    [2011/11/25 09:03:25 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\KIBBrrzPNyxA1v2
    [2011/11/25 09:03:21 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\l6dddWK7fRL9
    [2011/11/25 08:53:40 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\IelOBtzPc1v2
    [2011/11/25 08:53:40 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\FpmH5sQJ7
    [2011/11/25 08:33:13 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\vkIVrlONtPuSiDo
    [2011/11/25 08:33:12 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\b7fEL9gTZjC
    [2011/11/25 00:00:29 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\A1F77
    [2011/11/25 00:00:17 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\u8ggRZ9hXwjUeIt
    [2011/11/25 00:00:17 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\927A1
    [2011/11/25 00:00:16 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\YvD22onFpmH5Q7E
    [2011/11/25 00:00:13 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\D6ddEK8fZ9hTwUe
    [2011/11/25 00:00:12 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\donFFppm5sQ7EKg
    [2011/11/25 00:00:11 | 000,000,000 | ---D | C] -- C:\Users\Bonnie\AppData\Roaming\b7dEEL8gZqhXwUe
    [2011/11/26 16:30:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\i8QMyxE.com.b
    [2011/11/26 16:29:53 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\i8QMyxE.com
    [2011/11/26 16:29:53 | 000,000,112 | ---- | M] () -- C:\ProgramData\1Ws80lcpx.dat
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

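As an added example (not code from the thread, from OTL, or from its author), here is a small Python triage helper for the OTL log format used in the fix above: it parses entries, flags random-looking names in the locations this fix targeted, and drafts a :OTL / :Commands block for a person to review before anything is run. The function names, the randomness heuristic and the sample log are this example's own assumptions; the suspicious paths in the sample are the ones listed in the fix, and the two benign lines are constructed for contrast.

```python
"""Triage helper for OTL-style log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log in OTL's line format.  The first six paths are the
# ones from the fix posted above; the last two are benign entries constructed
# for contrast (real products rarely use digit-laden random folder names).
SAMPLE_OTL_LOG = """\
MOD - [2011/12/01 17:40:34 | 000,379,904 | ---- | M] () -- C:\\Users\\Bonnie\\AppData\\Local\\Temp\\libsqlitejdbc-1494630364938104163.lib
[2011/11/26 16:19:35 | 000,000,000 | ---D | C] -- C:\\Users\\Bonnie\\AppData\\Roaming\\DSS22ibbF3p
[2011/11/26 16:19:35 | 000,000,000 | ---D | C] -- C:\\Users\\Bonnie\\AppData\\Roaming\\aGGG5aaQH6dW7fL
[2011/11/25 00:00:29 | 000,000,000 | ---D | C] -- C:\\Users\\Bonnie\\AppData\\Roaming\\A1F77
[2011/11/26 16:29:53 | 000,111,616 | ---- | M] () -- C:\\Windows\\SysWow64\\i8QMyxE.com
[2011/11/26 16:29:53 | 000,000,112 | ---- | M] () -- C:\\ProgramData\\1Ws80lcpx.dat
[2011/11/26 21:28:00 | 000,000,000 | ---D | C] -- C:\\Users\\Bonnie\\AppData\\Roaming\\Malwarebytes
[2011/11/19 16:26:00 | 000,000,000 | ---D | C] -- C:\\Users\\Bonnie\\AppData\\Roaming\\Corel
"""

# One OTL entry: optional "MOD - " prefix, bracketed metadata
# (timestamp | size | attribute flags | M=modified/C=created), an optional
# empty "()" company field, then " -- " and the path.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>[A-Z]+) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<which>[MC])\]"
    r"(?: \(\))? -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    raw: str
    kind: str        # "MOD" for loaded-module lines, "" for plain file/folder lines
    stamp: str
    size: int
    is_dir: bool
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        raw=line.strip(),
        kind=m.group("kind") or "",
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        is_dir="D" in m.group("attrs"),
        path=m.group("path"),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def looks_random(name: str) -> bool:
    """Heuristic (this example's own): the stem is alphanumeric, at least five
    characters, contains a digit, and is either mixed-case or has two+ digits.
    Installed products like Malwarebytes or Corel fail this; the dropped
    folders and files in the thread all pass it."""
    stem = name.split(".", 1)[0]
    digits = sum(c.isdigit() for c in stem)
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    return stem.isalnum() and len(stem) >= 5 and digits >= 1 and (mixed or digits >= 2)


# Locations where an unexpected random-named item deserves a second look.
WATCHED = ("\\appdata\\roaming\\", "\\programdata\\", "\\syswow64\\", "\\system32\\")


def triage(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Return entries in a watched location whose name looks generated."""
    return [e for e in entries
            if any(w in e.path.lower() for w in WATCHED) and looks_random(e.name)]


def draft_otl_fix(flagged: List[OtlEntry]) -> str:
    """Lay the flagged raw lines out in the :OTL / :Commands layout the helper
    used above.  A person still has to read every line before running it."""
    return "\n".join([":OTL", *(e.raw for e in flagged), ":Commands", "[emptytemp]"])


if __name__ == "__main__":
    print(draft_otl_fix(triage(parse_otl_log(SAMPLE_OTL_LOG))))
```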
Here's the log

All processes killed

========== OTL ==========

C:\Users\Bonnie\AppData\Roaming\DSS22ibbF3p folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\aGGG5aaQH6dW7fL folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\PbbbD33onG4aH6W folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\ZsssWKK7fEL9 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\dVVrrzONNtA0 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\VUUUVrrlOBtx0yS folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\lF3pmG5aQ folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\GUVelIBtzNc1v folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\wwkUVelOBz0c1v2 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\UUVelOBtz0c1v2n folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\bnF4pmH5sJdKR9 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\oEEEL99gTZqjCwI folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\OobbFF3pmG5aQ6W folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\NrrzzPNyyx1uv2 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\ARRZZ9hhTXwUClI folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\XivD2onF4m5Q7E8 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\CVelOBtzPyA folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\g1ibD3onGaH folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\UhhTTXqjjUekIrO folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\syyyxxA0uvS folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\OcA1uvD2oFpGsJd folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\jkkIIVrrzO folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\btttxAA0ucS2bD folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\YtttzzPNycA1v folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\wgggRZZ9hYXwUVl folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\tCCCekkIBrzNy folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\X444pmmG5sQJdE8 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\KIBBrrzPNyxA1v2 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\l6dddWK7fRL9 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\IelOBtzPc1v2 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\FpmH5sQJ7 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\vkIVrlONtPuSiDo folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\b7fEL9gTZjC folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\A1F77 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\u8ggRZ9hXwjUeIt folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\927A1 folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\YvD22onFpmH5Q7E folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\D6ddEK8fZ9hTwUe folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\donFFppm5sQ7EKg folder moved successfully.

C:\Users\Bonnie\AppData\Roaming\b7dEEL8gZqhXwUe folder moved successfully.

C:\Windows\SysWOW64\i8QMyxE.com.b moved successfully.

C:\Windows\SysWOW64\i8QMyxE.com moved successfully.

C:\ProgramData\1Ws80lcpx.dat moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

OK, we're getting there.

We have to run ComboFix now:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Here's the combofix.txt log:

ComboFix 11-12-01.03 - Bonnie 12/01/2011 21:10:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.4078 [GMT -5:00]

Running from: c:\users\Bonnie\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bonnie\AppData\Local\Temp\libsqlitejdbc-7773829469151546413.lib

c:\users\Bonnie\AppData\Local\Temp\swt-gdip-win32-3448.dll

c:\users\Bonnie\AppData\Local\Temp\swt-win32-3448.dll

c:\users\Bonnie\AppData\Local\Temp\WindowsAPI.dll2140359656692700863.lib

c:\users\Bonnie\GoToAssistDownloadHelper.exe

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))

.

.

2011-12-02 02:16 . 2011-12-02 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-02 01:26 . 2011-12-02 01:26 -------- d-----w- C:\_OTL

2011-11-27 02:15 . 2011-11-27 02:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-27 02:15 . 2011-11-27 02:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-11-26 22:59 . 2011-11-26 22:59 -------- d-----w- c:\programdata\GFI Software

2011-11-26 22:57 . 2011-11-26 22:57 -------- d-----w- c:\program files (x86)\GFI Software

2011-11-26 22:56 . 2011-11-26 22:56 -------- d-----w- c:\users\Bonnie\AppData\Roaming\GFI Software

2011-11-26 22:21 . 2011-11-26 22:21 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-26 21:28 . 2011-11-26 21:28 -------- d-----w- c:\users\Bonnie\AppData\Roaming\Malwarebytes

2011-11-26 21:28 . 2011-11-26 21:28 -------- d-----w- c:\programdata\Malwarebytes

2011-11-26 21:28 . 2011-11-26 21:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-26 21:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-26 04:18 . 2011-11-26 04:44 -------- d-----w- c:\windows\system32\SPReview

2011-11-26 04:16 . 2011-11-26 04:16 -------- d-----w- c:\windows\system32\EventProviders

2011-11-26 04:16 . 2011-11-26 04:44 -------- d-----w- C:\acffac96e505373d8eeee3e8b8

2011-11-25 13:44 . 2011-11-25 13:44 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2011-11-19 19:59 . 2011-11-20 18:13 -------- d-----w- C:\temp

2011-11-19 18:50 . 2011-11-19 18:50 -------- d-----w- c:\users\Bonnie\AppData\Local\NJCrawford Software

2011-11-19 18:49 . 2011-11-19 18:49 -------- d-----w- c:\program files (x86)\Embroidery Reader

2011-11-19 16:39 . 2011-02-15 16:28 18768 ----a-w- c:\windows\system32\roboot64.exe

2011-11-19 16:39 . 2011-11-19 16:40 -------- d-----w- c:\program files (x86)\WinZip System Utilities Suite

2011-11-19 16:39 . 2011-11-19 16:39 -------- d-----w- c:\program files\Google

2011-11-19 16:39 . 2011-11-23 03:40 -------- d-----w- c:\users\Bonnie\AppData\Local\Google

2011-11-19 16:38 . 2011-11-19 16:39 -------- d-----w- c:\program files (x86)\Google

2011-11-19 16:34 . 2011-11-19 16:40 -------- d-----w- c:\users\Bonnie\AppData\Roaming\WinZip

2011-11-19 16:26 . 2011-11-19 16:26 -------- d-----w- c:\users\Bonnie\AppData\Roaming\Corel

2011-11-19 16:26 . 2011-11-19 16:26 848 --sha-w- c:\programdata\KGyGaAvL.sys

2011-11-19 16:26 . 2011-11-19 18:24 -------- d-----w- c:\users\Bonnie\AppData\Roaming\Ulead Systems

2011-11-19 15:30 . 2011-11-19 15:30 -------- d-----w- c:\program files (x86)\Kaspersky Security Scan

2011-11-19 15:30 . 2011-11-19 15:30 -------- d-----w- c:\users\Bonnie\AppData\Local\WinZip

2011-11-19 15:30 . 2011-11-19 15:30 -------- d-----w- c:\programdata\WinZip

2011-11-19 15:04 . 2011-11-19 15:04 -------- d-----w- c:\programdata\ParetoLogic

2011-11-19 15:04 . 2011-11-19 15:04 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic

2011-11-13 03:47 . 2011-11-13 03:47 -------- d-----w- c:\programdata\RegWork

2011-11-13 03:47 . 2011-11-13 03:48 -------- d-----w- c:\program files (x86)\Ask.com

2011-11-13 03:47 . 2011-11-13 03:47 -------- d-----w- c:\program files (x86)\BackUpDutyLite

2011-11-13 03:47 . 2011-11-13 03:47 -------- d-----w- c:\program files (x86)\RegWork

2011-11-13 03:39 . 2011-11-13 03:39 -------- d-----w- c:\programdata\FileCure

2011-11-13 03:39 . 2011-11-13 03:39 -------- d-----w- c:\program files (x86)\ParetoLogic

2011-11-13 03:34 . 2011-11-13 03:34 -------- d-----w- c:\users\Bonnie\AppData\Roaming\SpeedyPC Software

2011-11-13 03:34 . 2011-11-13 03:34 -------- d-----w- c:\users\Bonnie\AppData\Roaming\DriverCure

2011-11-13 03:34 . 2011-11-13 03:34 -------- d-----w- c:\programdata\SpeedyPC Software

2011-11-13 03:34 . 2011-11-13 03:34 -------- d-----w- c:\program files (x86)\SpeedyPC Software

2011-11-13 03:34 . 2011-11-13 03:34 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software

2011-11-13 01:18 . 2011-11-20 14:51 -------- d-----w- C:\Embroidery Album

2011-11-13 01:18 . 2011-11-13 01:18 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared

2011-11-13 01:18 . 2010-09-27 21:42 4180576 ----a-w- c:\windows\system32\hasplms.exe

2011-11-13 01:18 . 2009-03-13 16:55 318464 ----a-w- c:\windows\system32\drivers\hardlock.sys

2011-11-13 01:17 . 2009-11-10 02:09 49680 ----a-w- c:\windows\TWUNd6ef.rra

2011-11-13 01:17 . 2009-11-10 02:09 25600 ----a-w- c:\windows\TWUNd76c.rra

2011-11-13 01:17 . 2009-11-10 02:09 94784 ----a-w- c:\windows\TWAIcf42.rra

2011-11-13 01:17 . 2009-11-10 02:09 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

2011-11-13 01:17 . 2011-11-13 01:17 -------- d-----w- c:\program files (x86)\Janome

2011-11-13 01:17 . 2009-11-10 02:09 244232 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX

2011-11-13 01:00 . 2000-08-04 19:25 49152 ------w- c:\windows\SysWow64\INETWH32.dll

2011-11-13 01:00 . 1999-10-15 17:50 1056768 ------w- c:\windows\SysWow64\Roboex32.dll

2011-11-13 01:00 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2011-11-13 00:58 . 2011-11-13 01:00 -------- d-----w- c:\program files (x86)\Buzz Tools

2011-11-13 00:58 . 2011-11-13 00:59 -------- d-----w- c:\windows\Buzz Tools Plus

2011-11-10 02:23 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-10 02:23 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-10 02:23 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 02:23 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 20:21 . 2011-11-05 20:21 -------- d-----w- c:\programdata\Sony Online Entertainment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 03:21 . 2011-10-14 02:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:59 . 2011-10-14 02:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-08-24 02:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-07 26211624]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-08-18 2036]

"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2011-03-03 591248]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-08-18 2036]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"BackUpDutyLite"="c:\program files (x86)\BackUpDutyLite\BackUpDutyLite.exe" [2011-09-05 407552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kaspersky Security Scan.lnk - c:\program files (x86)\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110712.033\IDSvia64.sys [2011-07-08 488056]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-02-15 263504]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-28 136824]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-28 c:\windows\Tasks\BackUpDutyLite.job

- c:\program files (x86)\BackUpDutyLite\BackUpDutyLite.exe [2011-09-05 08:08]

.

2011-11-27 c:\windows\Tasks\FileCure Default.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2011-12-02 c:\windows\Tasks\FileCure Startup.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 16:39]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 16:39]

.

2011-11-03 c:\windows\Tasks\HPCeeScheduleForBonnie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2011-12-01 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-11-27 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]

.

2011-11-25 c:\windows\Tasks\Regwork.job

- c:\program files (x86)\RegWork\RegWork.exe [2011-09-20 08:06]

.

2011-11-16 c:\windows\Tasks\SpeedyPC Pro.job

- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]

.

2011-12-01 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-11-16 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"combofix"="c:\combofix\CF6903.3XE" [2009-07-14 344576]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?l=dis&o=16148

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\gr40ppfc.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=16148

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BCPA&o=16145&locale=en_US&apn_uid=26F6EA50-2DE6-438C-BCEB-F6B80142B656&apn_ptnrs=QK&apn_sauid=28AB9EBB-58A7-44A7-B011-680A5F991BF5&apn_dtid=YYYYYYLMUS&&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\windows\system32\hasplms.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2011-12-01 21:23:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-02 02:23

.

Pre-Run: 551,342,821,376 bytes free

Post-Run: 550,643,073,024 bytes free

.

- - End Of File - - 2FB4390D9B9FC71EE997DB1E392FEDD9

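The ComboFix log above is read by hand in this thread, but the same triage can be scripted. The example below is an added illustration, not code from the thread, from ComboFix or from its author: it parses the line shapes seen in this log (registry key headers, `"Name"="path" [date size]` Run values, ShellIconOverlayIdentifiers CLSIDs and the file lines they resolve to, `@Denied:` markers in the LOCKED REGISTRY KEYS section, and the IE/Firefox start-page lines) and raises findings for a human to check. The sample log is constructed from entries in the posted log; the parser is keyed on those line shapes rather than on a documented format, and the trusted-directory, extension and search-host allowlists are assumptions to tune per environment. On this sample it flags the Ask.com home page and search settings, reports the two locked keys without judging them (the Flash broker and PCW entries are routine, but the analyst decides), and flags the `combofix` Run value, which is ComboFix's own renamed binary under c:\combofix used to resume after the reboot the log records; the `ComboFix /uninstall` step later in the thread is what removes it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in ComboFix's log format, modelled on lines from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"combofix"="c:\combofix\CF6903.3XE" [2009-07-14 344576]
uStart Page = hxxp://www.ask.com/?l=dis&o=16148
uLocal Page = c:\windows\system32\blank.htm
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=16148
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')
CLSID_RE = re.compile(r'^@="(\{[0-9A-Fa-f-]+\})"$')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$')
DENIED_RE = re.compile(r'^@Denied:\s*\(([^)]+)\)\s*\(([^)]+)\)')
IE_PAGE_RE = re.compile(r'^([um]\w+ Page)\s*=\s*(.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$')

# Assumed allowlists for the triage rules; adjust them to the environment under review.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
EXEC_EXTS = ('.exe', '.dll', '.ocx', '.sys')
TRUSTED_SEARCH_HOSTS = {'www.google.com', 'www.bing.com', 'www.msn.com'}

@dataclass
class Report:
    autoruns: List[Tuple[str, str, str, Optional[str]]] = field(default_factory=list)  # key, name, path, date
    overlays: List[List[Optional[str]]] = field(default_factory=list)  # [name, clsid, dll path]
    locked: List[Tuple[str, str, str]] = field(default_factory=list)   # key, access, principal
    pages: List[Tuple[str, str]] = field(default_factory=list)         # setting, value

def parse_combofix(text: str) -> Report:
    """Walk the log once, remembering which registry key each value line belongs to."""
    rep, key = Report(), ''
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        if (m := DENIED_RE.match(line)):                       # LOCKED REGISTRY KEYS section
            rep.locked.append((key, m.group(1), m.group(2)))
        elif 'shelliconoverlayidentifiers' in lkey and (m := CLSID_RE.match(line)):
            rep.overlays.append([key.rsplit('\\', 1)[-1], m.group(1), None])
        elif lkey.startswith('hkey_classes_root\\clsid\\') and (m := FILE_RE.match(line)):
            for ov in rep.overlays:                             # the DLL Explorer loads for that CLSID
                if ov[2] is None and lkey.endswith(ov[1].lower()):
                    ov[2] = m.group(1)
        elif re.search(r'\\run(once)?$', lkey) and (m := VALUE_RE.match(line)):
            rep.autoruns.append((key, m.group(1), m.group(2), m.group(3)))
        elif (m := IE_PAGE_RE.match(line) or FF_PREF_RE.match(line)):
            rep.pages.append((m.group(1), m.group(2)))
    return rep

def url_host(value: str) -> Optional[str]:
    """Re-arm ComboFix's hxxp:// defanging; return the host, or None for local paths and plain values."""
    parts = urlsplit(re.sub(r'^hxxp', 'http', value, flags=re.I))
    return parts.hostname if parts.scheme in ('http', 'https') else None

def triage(rep: Report) -> List[Tuple[str, str, str]]:
    out = []  # (kind, subject, reason): items for a human to check, not verdicts
    for _key, name, path, _date in rep.autoruns:
        p = path.lower()
        why = [r for ok, r in ((p.startswith(TRUSTED_DIRS), 'launches from outside Windows/Program Files'),
                               (p.endswith(EXEC_EXTS), 'unusual executable extension')) if not ok]
        if why:
            out.append(('autorun', f'{name} -> {path}', '; '.join(why)))
    for name, clsid, dll in rep.overlays:
        if dll is None or not dll.lower().startswith(TRUSTED_DIRS):
            out.append(('overlay', name, f'{clsid} -> {dll or "no file"}'))
    for key, access, who in rep.locked:
        out.append(('locked_key', key, f'{access} denied to {who}; confirm the owner is legitimate'))
    for setting, val in rep.pages:
        host = url_host(val)
        if host and host not in TRUSTED_SEARCH_HOSTS:
            out.append(('browser', setting, f'points at third-party host {host}'))
    return out

if __name__ == '__main__':
    for kind, subject, reason in triage(parse_combofix(SAMPLE_LOG)):
        print(f'[{kind}] {subject}: {reason}')
```

Feed a real log to `parse_combofix` and the rules in `triage` do the first pass; the parser deliberately records everything it recognises (all Run values, all overlay handlers, all locked keys) so the allowlists can be loosened or tightened without re-reading the log.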

Nothing found in scan. Updated laptop.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8288

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/1/2011 10:55:50 PM

mbam-log-2011-12-01 (22-55-50).txt

Scan type: Quick scan

Objects scanned: 171547

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


That's GOOD news :D

------------------

Please Uninstall ComboFix:

Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

--------------------------------

Please update your Java; it should be version 29.

You can do this from your control panel > Java > Update

BrowserJavaVersion: 1.6.0_26

------------------------------------

Run OTL and hit the CleanUp button to uninstall it.

----------------------------------

You can enable Spybot's TeaTimer again.

--------------------------------

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, Have a good Holiday and New Year, MrC
