
I'm infected, please help =(



Hi there, the virus wouldn't let me attach files so I've pasted them.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Cooper Family at 19:48:35 on 2013-01-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1513.513 [GMT 13:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Users\Cooper Family\AppData\Roaming\Spotify\spotify.exe

C:\Users\Cooper Family\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe

C:\Users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

uRun: [spotify] "C:\Users\Cooper Family\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Cooper Family\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [sDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto

uRun: [Facebook Update] "C:\Users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8B4C0550-9AA5-456B-BF46-386B7A80EF23} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{8B4C0550-9AA5-456B-BF46-386B7A80EF23}\4586F6D637F6E6135463345443 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{8B4C0550-9AA5-456B-BF46-386B7A80EF23}\A416E65647 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{CDAE239F-2CDC-4A73-9EDC-8C40F4D56FF2} : DHCPNameServer = 192.168.1.254

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

SSODL: WebCheck - <orphaned>

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-14 82048]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-14 42624]

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-11 235520]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-14 30520]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-6 138272]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-27 102528]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-6 46136]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-27 219776]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-4 1384608]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-6 167072]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-5 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121202.001\IDSviA64.sys [2012-12-4 513184]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-6 258664]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 565352]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-6 451192]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-6 1129120]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-6 190072]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-6 405624]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-6 56448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-7 95248]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-01-07 05:51:14 -------- d-----w- C:\Program Files (x86)\ethen1

2013-01-07 05:40:40 -------- d-----w- C:\Users\Cooper Family\AppData\Roaming\Malwarebytes

2013-01-07 05:35:57 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-07 05:35:55 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-07 05:35:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-07 05:35:30 -------- d-----w- C:\Users\Cooper Family\AppData\Local\Programs

2013-01-07 04:36:27 -------- d-----w- C:\Program Files (x86)\SaveAs

2013-01-07 04:36:20 -------- d-----w- C:\ProgramData\SaveAs

2013-01-07 04:35:22 -------- d-----w- C:\ProgramData\InstallMate

2013-01-07 00:59:15 -------- d-----w- C:\Windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP

2013-01-07 00:57:43 -------- d-----w- C:\Program Files (x86)\LeapFrog

2013-01-07 00:57:42 -------- d-----w- C:\ProgramData\Leapfrog

2013-01-06 20:59:13 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15E7049F-7357-48DA-87B5-E241427C16AC}\offreg.dll

2013-01-05 10:58:49 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15E7049F-7357-48DA-87B5-E241427C16AC}\mpengine.dll

2012-12-21 21:13:02 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 21:13:02 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 21:13:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 21:13:01 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-20 08:41:14 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-20 08:29:31 -------- d-----w- C:\Users\Cooper Family\AppData\Local\Facebook

2012-12-17 01:25:04 0 ----a-w- C:\Windows\SysWow64\sho6610.tmp

2012-12-16 22:29:17 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-12-13 19:39:59 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2012-12-13 05:56:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 05:56:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 05:54:48 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 05:54:48 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-12-10 07:20:59 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

.

==================== Find3M ====================

.

2013-01-07 01:22:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-07 01:22:25 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-15 20:38:17 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 19:49:41.12 ===============

And the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/10/2012 8:39:58 a.m.

System Uptime: 7/01/2013 7:17:21 p.m. (0 hours ago)

.

Motherboard: Hewlett-Packard | | 1849

Processor: AMD A6-4400M APU with Radeon™ HD Graphics | Socket FT1 | 1674/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 278 GiB total, 222.928 GiB free.

D: is FIXED (NTFS) - 20 GiB total, 2.151 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP26: 19/12/2012 8:01:26 a.m. - Windows Update

RP27: 22/12/2012 10:12:12 a.m. - Windows Update

RP28: 26/12/2012 12:38:26 p.m. - Windows Update

RP29: 2/01/2013 6:48:07 p.m. - Windows Update

RP30: 5/01/2013 11:57:43 p.m. - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0) MUI

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Steady Video Plug-In

AMD VISION Engine Control Center

Atheros Driver Installation Program

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blio

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cradle of Rome 2

CyberLink YouCam

D3DX10

Dora's World Adventure

ESU for Microsoft Windows 7 SP1

Evernote v. 4.5.2

Facebook Video Calling 1.2.0.287

Farm Frenzy

Farmscapes

FATE

FilesFrog Update Checker

Final Drive Fury

Free YouTube Downloader 3.5.128

Google Chrome

Google Update Helper

Happy Feet

Hewlett-Packard ACLM.NET v1.2.1.1

Hoyle Card Games

HP 3D DriveGuard

HP Auto

HP Client Services

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Recovery Manager

HP Security Assistant

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

Letters from Nowhere 2

Luxor HD

Mah Jong Medley

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

Norton Internet Security

opensource

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

RollerCoaster Tycoon 3: Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Skype Click to Call

Skype™ 6.0

Spotify

swMSM

Synaptics Pointing Device Driver

The Treasures of Mystery Island: The Ghost Ship

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Virtual Villagers 4 - The Tree of Life

WildTangent Games App (HP Games)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

7/01/2013 7:18:06 p.m., Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

7/01/2013 7:11:50 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:11:13 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/01/2013 7:11:13 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/01/2013 7:11:09 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/01/2013 7:11:09 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/01/2013 7:11:08 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/01/2013 7:11:02 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

7/01/2013 5:48:45 p.m., Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

7/01/2013 1:59:48 p.m., Error: Service Control Manager [7030] - The LeapFrog Connect Device Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

Thank you for looking at this.

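The DDS log above is the raw material for the triage that follows in this thread. As an added example, not part of the original post and not code from DDS or Malwarebytes, the Python below parses two sections of such a log: the Run entries in the Pseudo HJT Report (DDS prefixes them uRun for HKCU, mRun for HKLM and x64-Run for the native 64-bit HKLM view) and the Event Viewer lines. It flags autoruns whose image lives under a user-writable directory, counts events by source and ID so a burst of 7001/10005 errors at one timestamp collapses into one line, and pulls the driver names out of the Service Control Manager 7026 event (the list that includes AFD and tdx, the same drivers the 7001 events name as failed dependencies of DHCP Client and DNS Client). The sample lines are excerpted from the log above; the set of directories treated as user-writable is this example's own assumption, and a hit is a prompt to look closer, not a verdict (Spotify installs under AppData by design).

```python
"""Triage helpers for a pasted DDS log.

Added example, not part of the original thread and not code from the DDS
tool. Sample lines are excerpted from the log in the post; the rule for
which directories count as user-writable is this example's own assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass

# DDS prefixes: uRun = HKCU\...\Run, mRun = HKLM\...\Run, x64-Run = the
# 64-bit HKLM view. The image path may be quoted or not and may be
# followed by arguments; we cut at the first ".exe".
RUN_RE = re.compile(
    r'^(?P<hive>u|m|x64-)Run: \[(?P<name>[^\]]+)\] "?(?P<path>.*?\.exe)"?', re.I
)

# Event Viewer lines exactly as DDS prints them (NZ locale, "p.m." with dots).
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [ap]\.m\.), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Assumption: directories a standard user can write to without elevation.
# An autorun launched from one of these deserves a second look; it is not
# proof of malware.
USER_WRITABLE = (
    "\\appdata\\roaming\\", "\\appdata\\local\\",
    "\\programdata\\", "\\users\\public\\",
)


@dataclass(frozen=True)
class RunEntry:
    hive: str   # "u", "m" or "x64-"
    name: str   # the [bracketed] value name
    path: str   # image path without quotes or arguments


def parse_run_entries(text: str) -> list[RunEntry]:
    """Collect every *Run: line from the Pseudo HJT Report section."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["path"]))
    return entries


def user_writable_autoruns(entries: list[RunEntry]) -> list[str]:
    """Names of autoruns whose image sits in a user-writable directory."""
    return [e.name for e in entries
            if any(marker in e.path.lower() for marker in USER_WRITABLE)]


def parse_events(text: str) -> list[dict]:
    """Split DDS Event Viewer lines into timestamp, source, event id, message."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["event_id"] = int(d["event_id"])
            events.append(d)
    return events


def count_by_event(events: list[dict]) -> Counter:
    """(source, event_id) -> occurrences, so a cascade of 7001s reads as one line."""
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_boot_drivers(events: list[dict]) -> list[str]:
    """Driver names listed in SCM event 7026 (boot/system-start driver failed to load)."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, _, tail = e["msg"].partition("failed to load: ")
            names.extend(tail.split())
    return names


# Sample lines excerpted from the DDS log in the post above.
SAMPLE_HJT = r"""
uRun: [spotify] "C:\Users\Cooper Family\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [sDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
uRun: [Facebook Update] "C:\Users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

SAMPLE_EVENTS = r"""
7/01/2013 7:10:56 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/01/2013 7:10:56 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/01/2013 7:11:13 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/01/2013 5:48:45 p.m., Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
"""

if __name__ == "__main__":
    runs = parse_run_entries(SAMPLE_HJT)
    print("autoruns in user-writable dirs:", user_writable_autoruns(runs))
    evs = parse_events(SAMPLE_EVENTS)
    for key, n in count_by_event(evs).most_common():
        print(f"{n:2d} x {key[0]} [{key[1]}]")
    print("drivers that failed to load:", failed_boot_drivers(evs))
```

On the sample above the user-writable hits are spotify and Facebook Update, both under the user's profile, while the FilesFrog entry is not flagged because it lives under Program Files (x86); whether an entry under Program Files is wanted is a separate question from where it runs from. Run it against the full pasted log to see all five 7001 dependency failures and six 10005 DCOM errors fold into two counter lines with the 7026 driver list as the common root.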

Welcome. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Hi there, the virus wouldn't let me attach files so I've pasted them.

It's better if you paste, as malware writers would love to infect computers of helpers like myself.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

What issues have you noticed about your computer?


One major issue is that the sound won't work for anything that I try to run. Computer default sounds still go.

Here is the log from ComboFix:

ComboFix 13-01-06.01 - Cooper Family 08/01/2013 10:42:04.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1513.471 [GMT 13:00]

Running from: c:\users\Cooper Family\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Amazon.ico

c:\users\Cooper Family\Documents\~WRL0003.tmp

c:\users\Cooper Family\Documents\~WRL0941.tmp

.

----- File Replicators -----

.

c:\programdata\Adobe\ARM\Reader_10.1.0\1106\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\1106\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\1106\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\15273\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\15273\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\15273\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16063\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16063\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16063\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16914\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16914\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\16914\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\17424\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\17424\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\17424\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\18258\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\18258\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\18258\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\24066\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\24066\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\24066\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2747\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2747\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2747\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\27658\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\27658\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\27658\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2869\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2869\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\2869\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\29851\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\29851\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Reader_10.1.0\29851\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\1106\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\1106\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\1106\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\15273\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\15273\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\15273\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16063\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16063\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16063\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16914\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16914\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\16914\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\17424\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\17424\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\17424\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\18258\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\18258\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\18258\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\24066\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\24066\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\24066\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2747\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2747\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2747\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\27658\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\27658\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\27658\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2869\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2869\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\2869\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\29851\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\29851\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Reader_10.1.0\29851\ReaderUpdater.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))

.

.

2013-01-07 21:57 . 2013-01-07 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-07 21:48 . 2013-01-07 21:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15E7049F-7357-48DA-87B5-E241427C16AC}\offreg.dll

2013-01-07 05:51 . 2013-01-07 06:14 -------- d-----w- c:\program files (x86)\ethen1

2013-01-07 05:40 . 2013-01-07 05:40 -------- d-----w- c:\users\Cooper Family\AppData\Roaming\Malwarebytes

2013-01-07 05:35 . 2013-01-07 05:35 -------- d-----w- c:\programdata\Malwarebytes

2013-01-07 05:35 . 2013-01-07 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-07 05:35 . 2012-12-14 03:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-07 05:35 . 2013-01-07 05:35 -------- d-----w- c:\users\Cooper Family\AppData\Local\Programs

2013-01-07 04:36 . 2013-01-07 04:36 -------- d-----w- c:\program files (x86)\SaveAs

2013-01-07 04:36 . 2013-01-07 21:13 -------- d-----w- c:\programdata\SaveAs

2013-01-07 04:35 . 2013-01-07 04:35 -------- d-----w- c:\programdata\InstallMate

2013-01-07 00:59 . 2013-01-07 00:59 -------- d-----w- c:\program files\DIFX

2013-01-07 00:59 . 2013-01-07 01:00 -------- d-----w- c:\windows\F9233F0256174BDC8EC64B798EDFE6F4.TMP

2013-01-07 00:57 . 2013-01-07 00:59 -------- d-----w- c:\program files (x86)\LeapFrog

2013-01-07 00:57 . 2013-01-07 00:57 -------- d-----w- c:\programdata\Leapfrog

2013-01-05 10:58 . 2012-11-18 12:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15E7049F-7357-48DA-87B5-E241427C16AC}\mpengine.dll

2012-12-21 21:13 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:13 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:13 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:13 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-20 08:41 . 2013-01-06 07:51 -------- d-----w- c:\users\Cooper Family\AppData\Roaming\Skype

2012-12-20 08:41 . 2012-12-20 08:41 -------- d-----r- c:\program files (x86)\Skype

2012-12-20 08:41 . 2012-12-20 08:41 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-20 08:29 . 2012-12-20 08:30 -------- d-----w- c:\users\Cooper Family\AppData\Local\Facebook

2012-12-17 01:25 . 2012-12-17 01:25 0 ----a-w- c:\windows\SysWow64\sho6610.tmp

2012-12-16 22:29 . 2012-12-16 22:29 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-12-13 19:39 . 2012-11-14 06:01 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-12-13 05:56 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-13 05:56 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-13 05:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 05:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-07 01:22 . 2012-03-03 18:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-07 01:22 . 2012-03-03 18:39 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-13 19:45 . 2012-11-14 01:47 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-12-02 05:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-02 05:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-02 05:41 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 20:38 . 2012-06-06 10:15 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Cooper Family\AppData\Roaming\Spotify\Spotify.exe" [2012-10-27 7880664]

"Spotify Web Helper"="c:\users\Cooper Family\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]

"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808]

"Facebook Update"="c:\users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-20 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]

S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-10 235520]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-10 361984]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]

S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-03 01:22]

.

2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1095308568-52703581-1482608865-1002Core.job

- c:\users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-20 08:37]

.

2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1095308568-52703581-1482608865-1002UA.job

- c:\users\Cooper Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-20 08:37]

.

2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 07:49]

.

2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 07:49]

.

2013-01-05 c:\windows\Tasks\HPCeeScheduleForCooper Family.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-08 11:24:59

ComboFix-quarantined-files.txt 2013-01-07 22:24

.

Pre-Run: 244,236,308,480 bytes free

Post-Run: 244,192,059,392 bytes free

.

- - End Of File - - C6BA0903F65581FB9DCE938012493E4B

Sound still not going after scan.

Thanks again
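As an added example for readers triaging a log like the one above (this is not code from the thread, from ComboFix or from the Malwarebytes team), here is a small Python script that parses the "Reg Loading Points" and "Scheduled Tasks" sections in the format ComboFix prints and flags launch points that run from user-writable locations such as AppData or ProgramData, or that reuse a Windows system binary name outside the Windows directory. The embedded log is constructed to mirror the format, the path markers and binary-name list are the author's own assumptions, and a flag only means "review this entry by hand", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix "Reg Loading Points" / "Scheduled Tasks" format.
# Names and paths are invented for illustration; they are not from a real system.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicPlayer"="c:\users\Example User\AppData\Roaming\MusicPlayer\MusicPlayer.exe" [2012-10-27 7880664]
"SDP"="c:\program files (x86)\ExampleFrog Update Checker\update_checker.exe" [2012-10-03 201808]
"svchost"="c:\users\Example User\AppData\Local\Temp\svchost.exe" [2013-01-06 48128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 07:49]
.
2013-01-07 c:\windows\Tasks\At1.job
- c:\programdata\Helper\helper.exe [2013-01-06 22:10]
"""


@dataclass
class Entry:
    source: str   # registry key or .job file the launch point lives in
    name: str     # value name, or the job file name for scheduled tasks
    path: str     # executable path exactly as logged
    reasons: list = field(default_factory=list)  # empty list means nothing flagged


# Line shapes used by ComboFix for keys, Run values, job headers and job commands.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]+)\]$')
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$")
JOB_CMD_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$")

# Heuristics (assumed, not from the thread): locations a standard user can write to,
# and system binary names that have no business living outside c:\windows.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def assess(path):
    """Return the list of review reasons for one executable path (empty if none)."""
    low = path.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and "\\windows\\" not in low:
        reasons.append("system binary name outside the Windows directory")
    return reasons


def parse_loading_points(text):
    """Extract Run-key values and scheduled-task commands from ComboFix-style text."""
    entries = []
    current_key = None   # most recent [HKEY_...] header
    pending_job = None   # .job path waiting for its "- <command>" line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key, pending_job = m.group("key"), None
            continue
        if (m := RUN_RE.match(line)) and current_key:
            path = m.group("path")
            entries.append(Entry(current_key, m.group("name"), path, assess(path)))
            continue
        if (m := JOB_RE.match(line)):
            pending_job = m.group("job")
            continue
        if (m := JOB_CMD_RE.match(line)) and pending_job:
            path = m.group("path")
            job_name = pending_job.rsplit("\\", 1)[-1]
            entries.append(Entry(pending_job, job_name, path, assess(path)))
            pending_job = None
    return entries


def flagged(text):
    """Only the entries that carry at least one review reason."""
    return [e for e in parse_loading_points(text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.name:12} {e.path}\n    in: {e.source}\n    why: {'; '.join(e.reasons)}")
```

Run it against a saved ComboFix.txt by reading the file into `flagged()` instead of `SAMPLE_LOG`; the script deliberately does nothing to the system, it only narrows which launch points a helper should look at first (in the log above, for instance, the Run value pointing into `AppData\Roaming` would be listed while the vendor entries under Program Files would not).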


Hello Coooper. :)

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Hey TheDarkKnight :)

The virus won't allow me to run OTL.exe. I tried to change the extension, but that didn't work either.

Exception EOleSysError in module OTL.exe 000584A5. class not registered .... <-- this is the message that pops up every time I try to run it.

All security and antivirus programs are still disabled, so I'm not sure what to do now?


Hey Coooper. :)

Please try OTL in Safe Mode (reboot and tap F8 repeatedly).

If that doesn't work, please try this instead.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

[Screenshot: AVPfront.gif]

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

[Screenshot: avpsettings.gif]

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
