hopi Posted July 10, 2012 ID:568704 Share Posted July 10, 2012 i am running windows 7 on an hp laptop, and i keep getting random audio ads, and sometimes just songs playing, without having a browser open. i tried running malwarebytes, and a couple of items needed to be quarantined, but this did not resolve the issue.please help!.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.6000.16711 BrowserJavaVersion: 1.6.0_33Run by Betti at 18:54:20 on 2012-07-09Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.1948 [GMT -7:00]..============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WUDFHost.exeC:\Windows\System32\spoolsv.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\Dwm.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Flip Video\FlipShare\FlipShareService.exeC:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Users\Betti\AppData\Local\Temp\DAT259A.tmp.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\System32\ICO.EXEC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskeng.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\ehome\ehmsas.exeC:\Windows\System32\Pelmiced.exeC:\Program Files\Common Files\AOL\1204479927\ee\aolsoftware.exec:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files\AOL 9.0\waol.exeC:\Program Files\AOL 9.0\shellmon.exeC:\Program Files\Internet Explorer\iexplore.exe.============== Pseudo HJT Report ===============.mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopmDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuInternet Settings,ProxyOverride = *.localBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No FileBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File{555d4d79-4bd2-4094-a395-cfc534424a05}uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrunuRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -bmRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exemRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exemRun: [Mouse Suite 98 Daemon] ICO.EXEmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [RtHDVCpl] RtHDVCpl.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymPolicies-system: EnableLUA = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://64.93.28.242:1100/cab/OCXChecker_6110.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\betti\appdata\roaming\mozilla\firefox\profiles\3aqckf95.default\FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157FF - prefs.js: network.proxy.type - 0FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - plugin: c:\users\betti\appdata\local\facebook\messenger\2.1.4570.0\npFbDesktopPlugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dll.============= SERVICES / DRIVERS ===============.R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-3 654408]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-7 1262400]R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-9-17 1251840]R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-3 22344]S2 mdlewanhlma;mdlewanhlma;c:\users\betti\appdata\local\temp\DAT259A.tmp.exe [2012-7-6 44544]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120].=============== Created Last 30 ================.2012-07-09 22:59:36 140832 ----a-w- c:\windows\system32\drivers\str.sys2012-07-07 14:46:10 62272 ----a-w- c:\windows\system32\nvshext.dll2012-07-07 14:46:09 2561344 ----a-w- c:\windows\system32\nvsvcr.dll2012-07-07 14:44:22 61248 ----a-w- c:\windows\system32\OpenCL.dll2012-07-07 14:44:13 -------- d-----w- c:\programdata\NVIDIA Corporation2012-07-07 14:38:20 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll2012-07-07 14:38:19 19607872 ----a-w- c:\windows\system32\nvoglv32.dll2012-07-07 14:38:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll2012-07-07 14:38:18 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-07-07 14:38:17 1000768 ----a-w- c:\windows\system32\nvdispco32.dll2012-07-07 14:38:16 5982528 ----a-w- c:\windows\system32\nvcuda.dll2012-07-07 14:38:16 2524992 ----a-w- c:\windows\system32\nvcuvid.dll2012-07-07 14:38:16 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll2012-07-07 14:38:10 17551680 ----a-w- c:\windows\system32\nvcompiler.dll2012-07-07 14:37:25 -------- d-----w- c:\program files\NVIDIA Corporation2012-07-07 14:36:45 -------- d-----w- C:\NVIDIA2012-07-06 09:00:19 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1173d4f0-9bfa-46dc-bee8-1d4c43f70784}\mpengine.dll2012-06-20 00:35:14 4967624 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll2012-06-16 07:44:25 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-11 04:29:28 -------- d-----w- c:\users\betti\appdata\local\Macromedia.==================== Find3M ====================.2012-07-03 23:28:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-03 23:28:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-16 07:43:24 472840 ----a-w- c:\windows\system32\deployJava1.dll2012-05-21 03:55:47 319456 ----a-w- c:\windows\DIFxAPI.dll2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll2012-05-02 06:55:08 360448 ----a-w- c:\windows\system32\awrdscdc.ax.============= FINISH: 18:55:12.59 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 2/24/2008 6:05:28 AMSystem Uptime: 7/9/2012 6:28:34 PM (0 hours ago).Motherboard: Quanta | | 30D2Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 221 GiB total, 80.159 GiB free.D: is FIXED (NTFS) - 12 GiB total, 1.869 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: Canon MX860 ser NetworkDevice ID: ROOT\CANON_IJ_NETWORK\0000Manufacturer: CanonName: Canon MX860 ser NetworkPNP Device ID: ROOT\CANON_IJ_NETWORK\0000Service: StillCam.==== System Restore Points ===================..==== Installed Programs ======================.32 Bit HP CIO Components InstallerActivation Assistant for the 2007 Microsoft Office suitesActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Anchor Service CS4Adobe Bridge CS4Adobe CMaps CS4Adobe Color - Photoshop Specific CS4Adobe Color EU Extra Settings CS4Adobe Color JA Extra Settings CS4Adobe Color NA Recommended Settings CS4Adobe Color Video Profiles CS CS4Adobe CSI CS4Adobe Default Language CS4Adobe Device Central CS4Adobe Drive CS4Adobe ExtendScript Toolkit CS4Adobe Extension Manager CS4Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Fonts AllAdobe Linguistics CS4Adobe Media PlayerAdobe Output ModuleAdobe PDF Library Files CS4Adobe Photoshop CS4Adobe Photoshop CS4 SupportAdobe Reader X (10.1.3)Adobe Search for HelpAdobe Service Manager ExtensionAdobe SetupAdobe Shockwave PlayerAdobe Shockwave Player 11.5Adobe Type Support CS4Adobe Update Manager CS4Adobe WinSoft Linguistics PluginAdobe XMP Panels CS4AdobeColorCommonSetCMYKAdobeColorCommonSetRGBAge of Empires IIIAge of Empires III - The WarChiefsAIM 6AOL Uninstaller (Choose which Products to Remove)Apple Application SupportApple Mobile Device SupportApple Software UpdateAshampoo Burning Studio 6 FREE v.6.80Audible Download ManagerBestPractice (remove only)BonjourBufferChmCanon MP Navigator EX 2.1Canon MX860 series MP DriversCanon My PrinterCanon Utilities Solution MenuCCleanerCompatibility Pack for the 2007 Office systemConnectDesignPro 5Deus ExDJ ToneXpress v4.7.5Driver DetectiveDrivers Install For Linksys Easylink AdvisorDVD SuiteEA LinkESU for Microsoft VistaFacebook Messenger 2.1.4570.0Facebook Video Calling 1.2.0.159FaxFlipShareFormatFactory 2.95Guitar Pro 5.2HandBrake 0.9.6Hauppauge MCE XP/Vista Software Encoder (2.0.25149)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)HP Active Support LibraryHP Doc ViewerHP User Guides 0087HPAsset component for HP Active Support LibraryHPNetworkAssistantIntel® Matrix Storage ManageriTunesJava Auto UpdaterJava 6 Update 33Java 6 Update 4Java 6 Update 7kulerLabelPrintLinksys EasyLink Advisor 1.6 (0032)Malwarebytes Anti-Malware version 1.61.0.1400Mega ManagerMicrosoft .NET Framework 3.5 SP1Microsoft Age of Empires IIMicrosoft Application Error ReportingMicrosoft Choice GuardMicrosoft Office 2003 Primary Interop AssembliesMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office Excel MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional Edition 2003Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual Studio 2005 Tools for Office RuntimeMicrosoft WorksMotorola SM56 Data Fax ModemMouse SuiteMozilla Firefox 13.0.1 (x86 en-US)Mozilla Maintenance ServiceMSCU for Microsoft VistaMSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 Parser and SDKmuvee autoProducer 6.1NVIDIA Control Panel 301.42NVIDIA Graphics Driver 301.42NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.0213NVIDIA Update 1.8.15NVIDIA Update ComponentsOpenOffice.org 2.4PDF Settings CS4PhotoNow!Photoshop Camera RawPower Tab Editor 1.7Power2GoPowerDirectorProject64 1.6QuickBooksQuickBooks Pro 2011QuickTimeRealtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows VistaRealtek High Definition Audio DriverRicochet Lost WorldsRICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01RTC Client API v1.2Skype Click to CallSkype™ 5.9SoulSeek 157 NS 13eStarcraftSuite Shared Configuration CS4Synaptics Pointing Device DriverTELL ME MOREThe Sims™ Life StoriesTranscribe! 7.50UnloadSupportUpdate for Office 2007 (KB934528)Viewpoint Media PlayerVLC media player 1.0.5WeatherBug GadgetWinampWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MessengerWindows Live Sign-in AssistantWindows Live Upload ToolWindows Media Player Firefox PluginWinRAR archiverYouTube Free Downloader.==== Event Viewer Messages From Past Week ========.7/9/2012 12:40:18 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).7/6/2012 4:26:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.7/6/2012 4:24:41 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.7/6/2012 4:24:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.7/6/2012 4:24:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.7/6/2012 4:24:30 PM, Error: Print [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 1753. The printer cannot be used by others on the network.7/6/2012 10:35:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the mdlewanhlma service to connect.7/5/2012 7:29:37 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it..==== End Of File =========================== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:568706 Share Posted July 10, 2012 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix When the tool is finished, it will produce a report for you.Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
hopi Posted July 10, 2012 Author ID:568761 Share Posted July 10, 2012 for some reason i am unable to get combofix to work properly, after multiple attempts. after i click run and accept, it briefly runs the program and then disappears, and nothing further happens. the auto scan never actually gets going. i am not sure what i am doing wrong or what to do to fix this.this is the mwbam log:Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.07.10.02Windows Vista x86 NTFSInternet Explorer 7.0.6000.16711Betti :: HOPI [administrator]Protection: Enabled7/9/2012 8:16:40 PMmbam-log-2012-07-09 (20-36-46).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 255468Time elapsed: 7 minute(s), 23 second(s)Memory Processes Detected: 1C:\Users\Betti\AppData\Local\Temp\DAT259A.tmp.exe (Trojan.Phex.THAGen1) -> 2068 -> No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 3HKLM\SYSTEM\CurrentControlSet\Services\mdlewanhlma (Trojan.Phex.THAGen1) -> No action taken.HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> No action taken.HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 3C:\Users\Betti\AppData\Local\Temp\DAT259A.tmp.exe (Trojan.Phex.THAGen1) -> No action taken.C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> No action taken.C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> No action taken.(end) Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:568958 Share Posted July 10, 2012 Run another Quick Scan and remove everything found.Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.comPlease reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).Click Start --> Run, and enter this command exactly as shown:"%userprofile%\desktop\sega.com" /killallSee if it will run successfully now. Stop it after half an hour of no activity. Link to post Share on other sites More sharing options...
hopi Posted July 10, 2012 Author ID:568981 Share Posted July 10, 2012 wow, i just tried to do another quick scan, and when i click on the mbam icon on my desktop, it says 'Run time error 5: invalid procedure call or argument". also, i was unable to start my computer before and needed to do a start system restore. i'm assuming i should uninstall mbam and reinstall and do the quick scan? i will give that a try and then do all the other things you suggested. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:568998 Share Posted July 10, 2012 Yes please try an uninstall and reinstall before proceeding. Link to post Share on other sites More sharing options...
hopi Posted July 10, 2012 Author ID:569039 Share Posted July 10, 2012 finally!!! i had to try to use combofix 4 times in safe mode before something would happen:ComboFix 12-07-10.01 - Betti 07/10/2012 12:26:15.1.2 - x86 MINIMALMicrosoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.2509 [GMT -7:00]Running from: c:\users\Betti\Desktop\sega.comCommand switches used :: /killall * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.comc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome.manifestc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.htmlc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xulc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.jsc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.jsc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.jsc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.jsc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xulc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xulc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.htmlc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.jsc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\install.rdfc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtdc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\button1.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\button2.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\button3.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\button4.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\button5.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.pngc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\popup.cssc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\popup.htmlc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xmlc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\skin.cssc:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\extensions\crossriderapp2258@crossrider.com\skin\update.cssc:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\nc:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@c:\windows\system32\AutoRun.infc:\windows\system32\DEBUG.logc:\windows\system32\HPBDO.0c:\windows\system32\HPPPM.0c:\windows\system32\HPWHEEL.0c:\windows\system32\ICO.0c:\windows\system32\ICONSPY.0c:\windows\system32\KBL.LOGc:\windows\system32\MFC71.0c:\windows\system32\MSVCR71.0c:\windows\system32\NOTIFIER.0c:\windows\system32\PELCOMM.0c:\windows\system32\PELHOOKS.0c:\windows\system32\PELMICED.0c:\windows\system32\PELRESS.0c:\windows\system32\PELSCRLL.0c:\windows\system32\PELSETUP.0c:\windows\system32\PELUTIL.0c:\windows\system32\PELZOOM.0c:\windows\system32\PMARIA.0c:\windows\system32\PMIBM.0c:\windows\system32\PMPoPo.0c:\windows\system32\PMPOPO2.0c:\windows\system32\PMTilt3.0c:\windows\system32\PMUNINNT.0c:\windows\system32\PMUNINST.0c:\windows\system32\XMOUSE.0.Infected copy of c:\windows\system32\services.exe was found and disinfectedRestored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe..((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))..2012-07-10 19:42 . 2012-07-10 19:44 -------- d-----w- c:\users\Betti\AppData\Local\temp2012-07-10 19:42 . 2012-07-10 19:42 -------- d-----w- c:\users\Guest\AppData\Local\temp2012-07-10 19:42 . 2012-07-10 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-10 19:11 . 2012-07-10 19:11 -------- d-----w- C:\sega2012-07-10 18:28 . 2012-07-10 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-10 18:28 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-10 08:13 . 2012-07-10 19:11 -------- d-----w- C:\ComboFix2012-07-07 14:46 . 2012-07-10 09:22 -------- d-----w- c:\users\UpdatusUser2012-07-07 14:46 . 2012-05-15 09:28 62272 ----a-w- c:\windows\system32\nvshext.dll2012-07-07 14:36 . 2012-07-07 14:36 -------- d-----w- C:\NVIDIA2012-07-06 09:00 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1173D4F0-9BFA-46DC-BEE8-1D4C43F70784}\mpengine.dll2012-06-20 00:35 . 2012-06-20 00:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2012-06-16 07:44 . 2012-06-16 07:43 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-11 04:29 . 2012-06-11 04:29 -------- d-----w- c:\users\Betti\AppData\Local\Macromedia...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-03 23:28 . 2012-03-31 07:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-03 23:28 . 2011-10-12 07:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-16 07:43 . 2010-07-17 04:58 472840 ----a-w- c:\windows\system32\deployJava1.dll2012-05-21 03:55 . 2008-02-24 14:14 319456 ----a-w- c:\windows\DIFxAPI.dll2012-05-15 10:26 . 2007-09-19 20:05 2368832 ----a-w- c:\windows\system32\nvapi.dll2012-05-15 10:26 . 2007-09-19 20:05 15322432 ----a-w- c:\windows\system32\nvd3dum.dll2012-05-15 09:28 . 2008-02-27 11:48 645440 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:28 . 2007-09-19 20:05 108352 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:28 . 2007-09-19 20:05 3931456 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 09:27 . 2007-09-19 20:05 2759488 ----a-w- c:\windows\system32\nvsvc.dll2012-05-02 06:55 . 2009-10-03 01:46 360448 ----a-w- c:\windows\system32\awrdscdc.ax2012-06-17 07:40 . 2012-03-18 07:19 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-03 1232896]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 49152]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0).[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnkbackup=c:\windows\pss\Audible Download Manager.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnkbackup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnkbackup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartupbackupExtension=.CommonStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]2006-11-10 12:12 50736 ----a-w- c:\program files\AOL 9.0\aol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]2011-07-19 19:53 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]2007-03-15 23:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]2012-06-30 16:04 137536 ----atw- c:\users\Betti\AppData\Local\Facebook\Update\FacebookUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1204479927\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]2010-09-27 19:26 1443080 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2984360966-779318858-4001959606-1000]"EnableNotificationsRef"=dword:00000001.S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08.Contents of the 'Scheduled Tasks' folder.2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2984360966-779318858-4001959606-1000Core.job- c:\users\Betti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-27 16:04].2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2984360966-779318858-4001959606-1000UA.job- c:\users\Betti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-27 16:04].2012-07-10 c:\windows\Tasks\User_Feed_Synchronization-{90087F7C-9422-4068-8A5B-8344BF7C1E36}.job- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]..------- Supplementary Scan -------.mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://64.93.28.242:1100/cab/OCXChecker_6110.cabFF - ProfilePath - c:\users\Betti\AppData\Roaming\Mozilla\Firefox\Profiles\3aqckf95.default\FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157FF - prefs.js: network.proxy.type - 0.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe...**************************************************************************scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files:.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(696)c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvvsvc.exec:\program files\NVIDIA Corporation\Display\nvxdsync.exec:\windows\system32\nvvsvc.exec:\program files\Common Files\AOL\ACS\AOLAcsd.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Flip Video\FlipShare\FlipShareService.exec:\program files\Flip Video\FlipShareServer\FlipShareServer.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exec:\program files\Common Files\Intuit\DataProtect\QBIDPService.exec:\program files\CyberLink\Shared Files\RichVideo.exec:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exec:\windows\System32\ICO.EXEc:\program files\Synaptics\SynTP\SynTPEnh.exec:\windows\RtHDVCpl.exec:\program files\NVIDIA Corporation\Display\nvtray.exec:\windows\ehome\ehmsas.exec:\windows\system32\wbem\unsecapp.exec:\program files\Hewlett-Packard\HP Health Check\hphc_service.exec:\program files\Malwarebytes' Anti-Malware\mbamservice.exec:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe.**************************************************************************.Completion time: 2012-07-10 12:54:41 - machine was rebootedComboFix-quarantined-files.txt 2012-07-10 19:54.Pre-Run: 89,395,703,808 bytes freePost-Run: 88,056,672,256 bytes free.- - End Of File - - 3384CFFF3CAC2D0A615AA94D76EE6251.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.6000.16711 BrowserJavaVersion: 1.6.0_33Run by Betti at 12:58:43 on 2012-07-10Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.1725 [GMT -7:00]..============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Flip Video\FlipShare\FlipShareService.exeC:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exeC:\Windows\system32\Dwm.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\System32\ICO.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Skype\Phone\Skype.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\wmiprvse.exec:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Windows\Explorer.exeC:\Windows\system32\notepad.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exe.============== Pseudo HJT Report ===============.mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuInternet Settings,ProxyOverride = *.localBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No FileBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File{555d4d79-4bd2-4094-a395-cfc534424a05}uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrunmRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exemRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exemRun: [Mouse Suite 98 Daemon] ICO.EXEmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [RtHDVCpl] RtHDVCpl.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymPolicies-system: EnableLUA = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://64.93.28.242:1100/cab/OCXChecker_6110.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\users\betti\appdata\roaming\mozilla\firefox\profiles\3aqckf95.default\FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157FF - prefs.js: network.proxy.type - 0.============= SERVICES / DRIVERS ===============.R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-10 654408]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-7 1262400]R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-9-17 1251840]R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-10 22344]S2 mdlewanhlma;mdlewanhlma;"c:\users\betti\appdata\local\temp\dat259a.tmp.exe" --service --> c:\users\betti\appdata\local\temp\DAT259A.tmp.exe [?]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120].=============== Created Last 30 ================.2012-07-10 19:54:43 -------- d-----w- c:\users\betti\appdata\local\temp2012-07-10 19:53:56 -------- d-sh--w- C:\$RECYCLE.BIN2012-07-10 19:23:27 98816 ----a-w- c:\windows\sed.exe2012-07-10 19:23:27 518144 ----a-w- c:\windows\SWREG.exe2012-07-10 19:23:27 256000 ----a-w- c:\windows\PEV.exe2012-07-10 19:23:27 208896 ----a-w- c:\windows\MBR.exe2012-07-10 19:11:56 -------- d-----w- C:\sega2012-07-10 18:28:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-10 18:28:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-10 08:13:58 -------- d-----w- C:\ComboFix2012-07-07 14:46:10 62272 ----a-w- c:\windows\system32\nvshext.dll2012-07-07 14:46:09 2561344 ----a-w- c:\windows\system32\nvsvcr.dll2012-07-07 14:44:22 61248 ----a-w- c:\windows\system32\OpenCL.dll2012-07-07 14:44:13 -------- d-----w- c:\programdata\NVIDIA Corporation2012-07-07 14:38:20 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll2012-07-07 14:38:19 19607872 ----a-w- c:\windows\system32\nvoglv32.dll2012-07-07 14:38:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll2012-07-07 14:38:18 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-07-07 14:38:17 1000768 ----a-w- c:\windows\system32\nvdispco32.dll2012-07-07 14:38:16 5982528 ----a-w- c:\windows\system32\nvcuda.dll2012-07-07 14:38:16 2524992 ----a-w- c:\windows\system32\nvcuvid.dll2012-07-07 14:38:16 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll2012-07-07 14:38:10 17551680 ----a-w- c:\windows\system32\nvcompiler.dll2012-07-07 14:37:25 -------- d-----w- c:\program files\NVIDIA Corporation2012-07-07 14:36:45 -------- d-----w- C:\NVIDIA2012-07-06 09:00:19 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1173d4f0-9bfa-46dc-bee8-1d4c43f70784}\mpengine.dll2012-06-20 00:35:14 4967624 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll2012-06-16 07:44:25 476936 ----a-w- c:\windows\system32\npdeployJava1.dll2012-06-11 04:29:28 -------- d-----w- c:\users\betti\appdata\local\Macromedia.==================== Find3M ====================.2012-07-03 23:28:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-03 23:28:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-16 07:43:24 472840 ----a-w- c:\windows\system32\deployJava1.dll2012-05-21 03:55:47 319456 ----a-w- c:\windows\DIFxAPI.dll2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll2012-05-02 06:55:08 360448 ----a-w- c:\windows\system32\awrdscdc.ax.============= FINISH: 12:59:03.65 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2012 Staff ID:569043 Share Posted July 10, 2012 Hi,Please go to VirusTotal, and upload the following file(s) for analysis:c:\users\Betti\AppData\Local\Facebook\Update\FacebookUpdate.exec:\windows\system32\msfeedssync.exePost the results in your reply.Also zip up that file and attach it to your reply. Link to post Share on other sites More sharing options...
hopi Posted July 10, 2012 Author ID:569048 Share Posted July 10, 2012 it didn't generate a separate log file, so i copied and pasted into notebook. hope that's okay. SHA256: ef477df61734368e41b3a5f280fa47e1e876f959cfe840a32dddd5f536dabb8d SHA1: fad452bf645ccb5ad3bbf7da86f570d13dd3b847 MD5: fcc7c432fbf465c38fd5d940580ef9b7 File size: 134.3 KB ( 137536 bytes ) File name: FacebookUpdate.exe File type: Win32 EXE Tags: peexe signed Detection ratio: 0 / 42 Analysis date: 2012-07-10 18:10:17 UTC ( 2 hours, 7 minutes ago ) 56More details Antivirus Result Update AhnLab-V3 - 20120705 AntiVir - 20120705 Antiy-AVL - 20120705 Avast - 20120705 AVG - 20120705 BitDefender - 20120705 ByteHero - 20120704 CAT-QuickHeal - 20120705 ClamAV - 20120705 Commtouch - 20120705 Comodo - 20120705 DrWeb - 20120706 Emsisoft - 20120705 eSafe - 20120705 F-Prot - 20120705 F-Secure - 20120706 Fortinet - 20120705 GData - 20120705 Ikarus - 20120705 Jiangmin - 20120705 K7AntiVirus - 20120705 Kaspersky - 20120705 McAfee - 20120706 McAfee-GW-Edition - 20120705 Microsoft - 20120705 NOD32 - 20120705 Norman - 20120705 nProtect - 20120706 Panda - 20120705 PCTools - 20120705 Rising - 20120705 Sophos - 20120705 SUPERAntiSpyware - 20120705 Symantec - 20120706 TheHacker - 20120704 TotalDefense - 20120705 TrendMicro - 20120706 TrendMicro-HouseCall - 20120705 VBA32 - 20120705 VIPRE - 20120705 ViRobot - 20120705 VirusBuster - 20120705 SHA256: 8d8d1ada6c2502902b650fea0030004fca66951a9cb85bd44bd757b678749a5d SHA1: bbae31ada17c43eddfc67d65562a8d8ead7dfb34 MD5: 25f9a960544444ba3ce2ad4cb5bb1401 File size: 12.0 KB ( 12288 bytes ) File name: msfeedssync.exe File type: Win32 EXE Tags: nsrl Detection ratio: 0 / 42 Analysis date: 2011-04-11 18:44:34 UTC ( 1 year, 3 months ago ) 00More details Antivirus Result Update AhnLab-V3 - 20110411 AntiVir - 20110411 Antiy-AVL - 20110411 Avast - 20110411 Avast5 - 20110411 AVG - 20110411 BitDefender - 20110411 CAT-QuickHeal - 20110411 ClamAV - 20110411 Commtouch - 20110406 Comodo - 20110411 DrWeb - 20110411 Emsisoft - 20110411 eSafe - 20110410 eTrust-Vet - 20110411 F-Prot - 20110411 F-Secure - 20110411 Fortinet - 20110409 GData - 20110411 Ikarus - 20110411 Jiangmin - 20110409 K7AntiVirus - 20110411 Kaspersky - 20110411 McAfee - 20110411 McAfee-GW-Edition - 20110411 Microsoft - 20110411 NOD32 - 20110411 Norman - 20110411 Panda - 20110411 PCTools - 20110411 Prevx - 20110411 Rising - 20110411 Sophos - 20110411 SUPERAntiSpyware - 20110410 Symantec - 20110411 TheHacker - 20110411 TrendMicro - 20110411 TrendMicro-HouseCall - 20110411 VBA32 - 20110411 VIPRE - 20110411 ViRobot - 20110411 VirusBuster - 20110411virustotal-facebookupdate.txtvirus total-msfeedssync.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted July 11, 2012 Staff ID:569159 Share Posted July 11, 2012 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
hopi Posted July 11, 2012 Author ID:569211 Share Posted July 11, 2012 i haven't heard any random sounds for at least a few hours now, so it is looking promising. the eset scan found 8 problems, which i gave permission to quarantine.ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=a6ad5501611fce45b0091520bc42af71# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-07-11 04:00:57# local_time=2012-07-10 09:00:57 (-0800, Pacific Daylight Time)# country="United States"# lang=1033# osver=6.0.6000 NT# compatibility_mode=5892 16776574 100 100 0 178579030 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=427370# found=8# cleaned=8# scan_time=7756C:\Program Files\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Program Files\FoxTabFLVPlayer\Uninstall\Uninstall.exe a variant of Win32/Kryptik.JPT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Users\Betti\Downloads\cnet2_ashampoo_burning_studio_6_free_6_80_4312_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N4U50PZ\mx_nan_a[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 CC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ7J83G8\firstload_com[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 CC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RD3ZWQS3\mx_nan_a[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 CResults of screen317's Security Check version 0.99.42 Windows Vista x86 (UAC is disabled!) Out of date service pack!! Internet Explorer 7 Out of date!``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 CCleaner Java 6 Update 33 Java 6 Update 4 Java 6 Update 7 Java version out of Date! Adobe Flash Player 11.3.300.262 Adobe Reader X (10.1.3) Mozilla Firefox (13.0.1)````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 %````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted July 11, 2012 Staff ID:569319 Share Posted July 11, 2012 Hi,Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):Java™ 6 Update 33 Java™ 6 Update 4 Java™ 6 Update 7 Restart your computer.Get the latest version of Java.Reboot.Run Windows Update and install all available updates, including SP2 and Internet Explorer 8. Let me know if you have any issues updating.Let me know what issues remain. Link to post Share on other sites More sharing options...
hopi Posted July 11, 2012 Author ID:569521 Share Posted July 11, 2012 i am at the windows update stage, but i keep getting the error message 80246008. i'll reboot and try again and see if that helps... Link to post Share on other sites More sharing options...
hopi Posted July 12, 2012 Author ID:569581 Share Posted July 12, 2012 updates just don't seem to work. i am trying to follow the windows help for the error code i received, and it is telling me to right click on the background intelligent transfer service (bits) in the services window, but that category is not in the list, and i cannot find it by doing a search either. Link to post Share on other sites More sharing options...
hopi Posted July 12, 2012 Author ID:569584 Share Posted July 12, 2012 i am just not being allowed to install any updates, no matter what i try. either i get an error message, or it tells me 'some updates were not installed' 'not needed: xx updates'. i tried to uncheck everything in the list and install updates one at a time, but this has not worked either. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 14, 2012 Staff ID:570503 Share Posted July 14, 2012 Try this manual download location:http://www.microsoft.com/en-us/download/details.aspx?id=16468 Link to post Share on other sites More sharing options...
Staff screen317 Posted July 18, 2012 Staff ID:572560 Share Posted July 18, 2012 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 26, 2012 Staff ID:576718 Share Posted July 26, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts