Stuck without anti-virus, can't find conflicting program


zombi2

Hello. I'm trying to install AVG Anti-Virus and, after uninstalling my Trend Micro trial as it instructed, I now get a message to remove PC Cleaner Pro. I also have an Action Center message: PC Cleaner Pro reports that it is turned off and must be turned on manually using the program. The thing is, I've never downloaded this, nor do I ever allow the "piggybacks" on other programs. This has never been listed in my programs, does not appear in searches, there are no taskbar messages from it, and it's never running in Task Manager. I searched manually and found one file: C:\Users\z\AppData\Roaming\PC Cleaners. I removed it and restarted but still get the same messages. I can't find anything else relating to the program. I'd appreciate any help you can give me. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by z at 21:39:49 on 2013-01-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4091 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Pogo Games\PGMTrusted.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Users\z\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Free Download Manager\fdm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{227579B9-7CD9-49A3-B9CA-69FA0EB0F962} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{227579B9-7CD9-49A3-B9CA-69FA0EB0F962}\2456C6B696E6F5E413F575962756C6563737F5647343136473 : DHCPNameServer = 192.168.2.1 63.135.48.130 63.135.48.195 206.130.130.2 206.130.133.2

TCP: Interfaces\{227579B9-7CD9-49A3-B9CA-69FA0EB0F962}\E4544574541425 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A5A2C899-452B-43CD-AC0E-42A2E8452A5E} : DHCPNameServer = 192.168.1.1

Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\z\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\z\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

.

---- FIREFOX POLICIES ----

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

============= SERVICES / DRIVERS ===============

.

R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2011-9-1 27264]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-9-1 379520]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]

R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-3-23 31920]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-1 2656280]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-9-1 16768]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-28 142632]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-28 317440]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-7-28 169584]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-2 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-10 03:48:51 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\offreg.dll

2013-01-09 10:37:20 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 10:37:20 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 10:37:09 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-09 10:37:07 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-09 10:37:06 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-09 10:37:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-09 10:37:03 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-09 10:37:03 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-09 10:37:02 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-09 10:37:02 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-09 08:41:09 -------- d-----w- C:\Users\z\AppData\Roaming\Malwarebytes

2013-01-09 08:40:57 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-09 08:40:56 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-09 08:40:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-09 08:40:24 -------- d-----w- C:\Users\z\AppData\Local\Programs

2013-01-08 15:52:57 -------- d-----w- C:\Users\z\AppData\Local\{23B530F3-A67F-4359-9609-BA484BA8EB4F}

2013-01-08 11:34:45 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\mpengine.dll

2013-01-05 19:54:53 -------- d-----w- C:\ProgramData\AtomShockwave

2013-01-05 11:52:16 -------- d-----w- C:\Users\z\AppData\Local\{E9DC0313-1A51-4DE3-9FC5-08760502F17A}

2013-01-01 20:54:12 -------- d-----w- C:\Users\z\AppData\Roaming\Shockwave

2012-12-31 02:41:17 -------- d-----w- C:\Users\z\AppData\Local\{F69E70E3-E420-4491-AFFB-A31E7B77D198}

2012-12-25 16:38:53 -------- d-----w- C:\Users\z\AppData\Local\{DD903AE3-D9D8-4056-BB09-F336D3D928F6}

2012-12-23 20:25:54 -------- d-----w- C:\Users\z\AppData\Local\{79F2117F-B622-4B8F-B9BE-DB204430A0CF}

2012-12-22 21:08:51 -------- d-----w- C:\Users\z\AppData\Local\{3FCDB2E9-7DD7-4100-A9DC-702617A8127A}

2012-12-22 20:23:27 -------- d-----w- C:\Users\z\AppData\Local\{F33F758F-3104-43B2-AF67-0E3ED21A5B51}

2012-12-22 16:49:02 -------- d-----w- C:\Users\z\AppData\Roaming\GreenGamesandHamPackages

2012-12-22 16:49:00 -------- d-----w- C:\Program Files (x86)\GreenGamesandHam

2012-12-22 11:01:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 11:01:33 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 11:01:33 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 11:01:32 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-21 15:33:49 -------- d-----w- C:\Users\z\AppData\Local\{3EAB7B88-EBB3-4CFE-BF0E-3F3E70FD4ECF}

2012-12-14 09:15:35 -------- d-----w- C:\Users\z\AppData\Roaming\VideoReDo-TVSuite4

2012-12-13 11:01:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-13 01:35:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-13 01:35:45 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-13 01:35:14 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-13 01:35:14 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

.

==================== Find3M ====================

.

2013-01-09 12:12:51 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2013-01-01 20:53:41 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-01-01 20:53:41 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-01-01 20:53:41 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-01-01 20:53:41 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-07 08:18:48 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-07 08:18:48 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-29 18:52:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-11-29 18:52:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-11-23 10:29:36 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-23 10:29:36 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

.

============= FINISH: 21:40:46.15 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/8/2011 9:40:03 AM

System Uptime: 1/9/2013 9:23:01 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | U56E

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 792/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 571 GiB total, 357.899 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP174: 12/28/2012 1:11:21 PM - Windows Update

RP175: 1/1/2013 11:47:29 AM - Windows Update

RP176: 1/8/2013 3:34:04 AM - Windows Update

RP177: 1/9/2013 3:00:24 AM - Windows Update

.

==== Installed Programs ======================

.

1 vs 100™

7-Zip 4.57

Adobe Flash Player 11 ActiveX 64-bit

Adobe Flash Player 11 Plugin

Alchemy

Alcor Micro USB Card Reader

Alien Shooter

Alien Sky

Alien Stars

Aquaball

Are You Smarter Than A 5th Grader: Make The Grade (remove only)

Asmedia ASM104x USB 3.0 Host Controller Driver

Astro Pop

ASUS AI Recovery

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS Secure Delete

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS USB Charger Plus

ASUS Virtual Camera

AsusScr_U46_ENG

AsusVibe2.0

ATK Package

Atlantis

Atlantis Quest

Atlantis!

Backspin Billiards

Ballistik

Balloon Blast

Balloon Express

Battle Slots (remove only)

BeachBlox (remove only)

Bejeweled 2 Deluxe

Bejeweled 3

Bejeweled Twist™

Best Buy Connect

Best Buy pc app

BeTrapped!

Bettys Beer Bar

Big Brain Wolf

Big Fish Games: Game Manager

Bing Bar

Bonus Mania Slots (remove only)

Bonus Mania Slots Pack 2

Bricks Of Atlantis (remove only)

calibre

Casino Chaos (remove only)

Casino Island To Go

Casino Island To Go (remove only)

CasinoVal.Au

Chicken Attack Deluxe (remove only)

Chicken Invaders 2 (remove only)

Chicken Invaders 3: Christmas Edition (remove only)

Chicken Invaders 4: Easter Edition (remove only)

CLUE Classic

Concentration (remove only)

Cowball (remove only)

Curse:The Eye of Isis (remove only)

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Deal or No Deal (remove only)

DivX Setup

Dolphins Dice Slots (remove only)

Dr Jekyll And Mr Hyde Extended Edition (remove only)

Echoes of the Past: the Citadels of Time (remove only)

Egyptian Ball (remove only)

Elements (remove only)

Enigmatis: The Ghosts of Maple Creek (remove only)

Epic Slot: Rock Hero (remove only)

Epic Slots: Raiders of the Lost Tomb (remove only)

ETDWare PS/2-X64 8.0.5.3_WHQL

Fast Boot

Fireworks Extravaganza

Fishdom: Spooky Splash (remove only)

Free Download Manager 3.9.2

Ghostery IE Plugin

Google Chrome

Great Escapes Solitaire

Greedy Words (remove only)

Green Games And Ham Games Console

GreenGamesandHam Packages

Halloween: Trick or Treat (remove only)

Hidden Expedition Titanic

House of 1000 Doors: Family Secrets Collector's Edition (remove only)

iLivid

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor 2.0

Intel® WiDi

Intel® Wireless Display

Intel® PROSet/Wireless WiMAX Software

iRoll (remove only)

Java 7 Update 9

Java Auto Updater

Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)

Junk Mail filter update

Lottso! Deluxe (remove only)

Luxor Evolved (remove only)

Magic Ball 2 (remove only)

Magic Ball 4 (remove only)

Mahjong Garden Deluxe

Mahjong Garden Deluxe (remove only)

Mahjongg Dimensions (remove only)

Mahjongg Dimensions Deluxe 2 (remove only)

Mahjongg: Under Investigation (remove only)

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Monkey Money Slots (remove only)

Monkey Money Slots 2 (remove only)

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

Mr Jones' Graveyard Shift (remove only)

MSVCRT

MSVCRT_amd64

Mystery Stories: Mountains of Madness (remove only)

Mystic Palace Slots

Nightmare on the Pacific (remove only)

Nuance PDF Reader

OpenAL

OPERATION MANIA

Phlinx To Go

Pictureka Museum Mayhem (remove only)

Pogo Games

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Reel Deal Epic Slot: Forrest Gump

Reel Deal Slot Quest: Alice in Wonderland (remove only)

Reel Deal Slot Quest: Galactic Defender (remove only)

Reel Deal Slot Quest: Under the Sea (remove only)

Reel Deal Slot Quest: Vampire Lord (remove only)

Reel Deal Slots American Adventure (remove only)

Ricochet Recharged

Righteous Kill 2 (remove only)

RocketBowl

Rocketbowl Plus (remove only)

Saints & Sinners Bowling

Saints and Sinners Bingo

Saints and Sinners Bowling (remove only)

SceneSwitch

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Slingo Mystery (remove only)

Slingo Mystery 2: The Golden Escape (remove only)

Slingo Quest Amazon (remove only)

Slingo Quest Egypt (remove only)

Slingo Quest Hawaii (remove only)

Slingo Supreme (remove only)

Slot Quest: The Museum Escape (remove only)

Slot Quest: Wild West (remove only)

Snapshot Adventures (remove only)

Sonic Focus

Spooky Mall (remove only)

StuffIt Expander 2011

TextTwist 2 (remove only)

The Alchemist Slots (remove only)

The Great Sea Battle: The Game of Battleship

The Poppit Show (remove only)

The Sims Carnival™ Bumper Blast

Totem Treasure 2 (remove only)

Tri-Peaks 2 Quest for the Ruby Ring (remove only)

Tri-Peaks Solitaire To Go (remove only)

Tri Peaks 2 Quest For The Ruby Ring

Tumble Bees To Go

Twistingo (remove only)

Unity Web Player

UNO® - Undercover™

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Vampire Mansion (remove only)

Vampires vs Zombies (remove only)

VC80CRTRedist - 8.0.50727.6195

Vegas Penny Slots Pack (remove only)

Vegas Penny Slots Pack 3

Veoh Giraffic Video Accelerator

Veoh Web Player

VideoPad Video Editor

VideoReDo TVSuite Version 4.20.7.629

VLC media player 2.0.1

Vuze

Way To Go Bowling (remove only)

Way To Go! Bowling

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

WINetia (remove only)

WinFlash

WinRAR 4.20 (32-bit)

WinZip 16.0

Wireless Console 3

WMS Slots: Jungle Wild (remove only)

Word Bird Supreme

Word U (remove only)

Word Whomp Underground (remove only)

WordJong (remove only)

World Class Solitaire

World Mosaics (remove only)

WorldWinner Games

Yatzy Twist (remove only)

Zombie Bowl-O-Rama

Zombie Bowl O Rama (remove only)

.

==== Event Viewer Messages From Past Week ========

.

1/9/2013 2:16:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/9/2013 2:16:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/9/2013 2:16:22 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

1/9/2013 2:16:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/9/2013 2:16:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/9/2013 2:16:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO discache spldr Wanarpv6

1/8/2013 11:44:05 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).

1/5/2013 5:18:01 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================


  • Staff

Please don't surf without an AV; we will try to get these remnants removed so you can install one.

Microsoft Security Essentials might install; the problem may be with AVG, but let's wait until we see what is remaining on your machine.

Please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe and follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it will produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here is the ComboFix log:

ComboFix 13-01-08.01 - z 01/10/2013 6:41.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.3665 [GMT -8:00]

Running from: c:\users\z\.swt\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\intellidownload\gunzip.exe

c:\program files (x86)\smartdl

c:\program files (x86)\smartdl\gunzip.exe

c:\program files (x86)\smartdl\status-o

c:\programdata\Bcool

c:\programdata\Bcool\background.html

c:\programdata\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx

c:\programdata\Roaming

C:\torrent.exe

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))

.

.

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\dwayne\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp

2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp

2013-01-10 03:48 . 2013-01-10 03:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\offreg.dll

2013-01-09 10:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 10:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 10:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 10:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 10:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 10:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-09 10:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 10:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-09 10:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 10:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-09 08:41 . 2013-01-09 08:41 -------- d-----w- c:\users\z\AppData\Roaming\Malwarebytes

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-09 08:40 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\users\z\AppData\Local\Programs

2013-01-08 11:34 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\mpengine.dll

2013-01-05 19:54 . 2013-01-05 19:54 -------- d-----w- c:\programdata\AtomShockwave

2013-01-01 20:54 . 2013-01-01 20:54 -------- d-----w- c:\users\z\AppData\Roaming\Shockwave

2012-12-22 16:49 . 2012-12-22 16:49 -------- d-----w- c:\users\z\AppData\Roaming\GreenGamesandHamPackages

2012-12-22 16:49 . 2012-12-22 16:49 -------- d-----w- c:\program files (x86)\GreenGamesandHam

2012-12-22 11:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 11:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 11:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 11:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-14 09:15 . 2012-12-14 09:15 -------- d-----w- c:\users\z\AppData\Roaming\VideoReDo-TVSuite4

2012-12-13 11:01 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-13 01:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-13 01:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-13 01:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 01:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 12:12 . 2011-09-02 04:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2013-01-09 11:03 . 2012-09-13 10:00 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-01 20:53 . 2012-02-12 09:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2013-01-01 20:53 . 2012-02-12 09:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-12-07 08:18 . 2012-03-30 16:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-07 08:18 . 2011-12-10 05:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-05 17:38 . 2012-02-27 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-12-05 17:37 . 2012-02-25 20:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-12-05 17:37 . 2012-02-25 20:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-11-30 04:45 . 2013-01-09 10:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-29 18:52 . 2012-11-29 18:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-11-29 18:52 . 2012-11-29 18:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-11-29 12:40 . 2012-02-25 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-11-29 12:40 . 2012-02-27 01:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-11-29 12:39 . 2012-02-27 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-11-29 12:39 . 2012-02-27 01:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-11-23 10:29 . 2012-11-23 10:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-23 10:29 . 2011-12-09 03:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-15 20:46 . 2012-02-25 20:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-16 08:38 . 2012-11-28 20:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 20:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 20:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]

2011-04-20 23:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-11-29 296096]

.

c:\users\Guest.z-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-6-30 16032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-17 549040]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-6-30 16032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 assd;assd; [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000Core.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000UA.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab

FF - ProfilePath - c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-113270367 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-11551673 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-UNO® - Undercover™ - c:\progra~2\SHOCKW~1.COM\UNOUND~1\UNWISE.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\05\0d\09-\0c?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-10 06:53:51

ComboFix-quarantined-files.txt 2013-01-10 14:53

.

Pre-Run: 384,160,370,688 bytes free

Post-Run: 392,792,207,360 bytes free

.

- - End Of File - - 871B084EA08474481ECF558E7EECA4B1

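The `FF - user.js:` lines in the ComboFix log above show a user.js that switches off Content Security Policy (`security.csp.enable` false) and OCSP revocation checking (`security.OCSP.enabled` 0) and sets `extensions.autoDisableScopes` to 0, so extensions dropped into the profile by an installer are enabled without asking. Firefox reads user.js on every start and copies its values into prefs.js, so resetting the values in about:config does not help while that file is still there. The script below is an added example for this thread, not code from ComboFix, JRT or any other tool mentioned in it: it parses `user_pref()` calls from a user.js or prefs.js body (several per line, as in the log) and reports the security-weakening settings with how many times each was written. The sample text, the table of risky preferences and the function names are assumptions made for the illustration.

```python
"""Flag security-weakening Firefox preferences in a user.js / prefs.js body.

Added example for this thread; it is not code from ComboFix, JRT or any other
tool mentioned. The risky-preference table and the sample file are assumptions.
"""
import re
from typing import Any, Dict, List, Tuple

# Preference name -> (value that weakens security, why it matters). Assumed list.
RISKY_PREFS: Dict[str, Tuple[Any, str]] = {
    "security.csp.enable": (False, "Content Security Policy enforcement switched off"),
    "security.OCSP.enabled": (0, "OCSP certificate revocation checking switched off"),
    "extensions.autoDisableScopes": (0, "sideloaded extensions enabled without asking the user"),
}

# One user_pref("name", value); call. Several may sit on a single line.
PREF_RE = re.compile(
    r"""user_pref\(\s*(['"])(?P<name>[^'"]+)\1\s*,\s*(?P<value>[^)]+?)\s*\)\s*;"""
)

# Constructed sample modelled on the user_pref line in the ComboFix log above:
# the adware wrote its block twice on one line, so each risky pref appears twice.
SAMPLE_USER_JS = (
    "// constructed sample, not a real profile file\n"
    "user_pref('extensions.autoDisableScopes', 0);"
    "user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);"
    "user_pref('extensions.autoDisableScopes', 0);"
    "user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);\n"
    'user_pref("browser.startup.homepage", "https://www.example.com/");\n'
    'user_pref("network.proxy.type", 0);\n'
)


def parse_value(raw: str) -> Any:
    """Convert the textual pref value to bool, int or str (strings lose their quotes)."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> List[Tuple[str, Any]]:
    """Return every user_pref() call in file order, duplicates included."""
    return [(m.group("name"), parse_value(m.group("value"))) for m in PREF_RE.finditer(text)]


def find_risky(prefs: List[Tuple[str, Any]]) -> List[Dict[str, Any]]:
    """Report each risky preference once, counting how often the file sets it."""
    found: Dict[str, Dict[str, Any]] = {}
    for name, value in prefs:
        if name not in RISKY_PREFS:
            continue
        bad_value, reason = RISKY_PREFS[name]
        # type() check keeps 0/False and 1/True apart, since bool is a subclass of int.
        if type(value) is type(bad_value) and value == bad_value:
            if name in found:
                found[name]["occurrences"] += 1
            else:
                found[name] = {"name": name, "value": value, "reason": reason, "occurrences": 1}
    return list(found.values())


def audit(text: str) -> List[Dict[str, Any]]:
    """Parse a user.js/prefs.js body and return the risky settings it contains."""
    return find_risky(parse_prefs(text))


if __name__ == "__main__":
    for f in audit(SAMPLE_USER_JS):
        print(f"{f['name']} = {f['value']!r} (set {f['occurrences']}x): {f['reason']}")
```

Run it against the user.js in the affected profile directory (the ComboFix log names the profile path); a hit means the file should be deleted, not just the prefs reset, and the extension listed under `FF - ExtSQL` in the same profile deserves a look for the same reason.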

  • Staff

That looks much better already.

Please see if Microsoft Security Essentials will install.

Run a quick scan and let me know what it finds.

http://www.microsoft.com/security_essentials/

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Junkware log:

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasmancs

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\iminent"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\iwin"

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\ProgramData\trymedia"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iminent"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iwin"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\media finder"

Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\pcpro"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\babylon"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\best buy pc app"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\ilivid player"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\iwin"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\toolbar4"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\fbphotozoom"

Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"

Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"

Successfully deleted: [Folder] "C:\Program Files (x86)\iminent toolbar"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bcool"

Successfully deleted: [Folder] "C:\Users\z\appdata\local\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchtheweb.xml"

Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\user.js

Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\searchplugins\askcom.xml

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com"

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\conduitcommon

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\fctb

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}

Successfully deleted the following from C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\prefs.js

user_pref("CT2504091..clientLogIsEnabled", false);

user_pref("CT2504091..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2504091..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

user_pref("CT2504091.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);

user_pref("CT2504091.CTID", "CT2504091");

user_pref("CT2504091.CurrentServerDate", "14-4-2012");

user_pref("CT2504091.DSInstall", false);

user_pref("CT2504091.DialogsAlignMode", "LTR");

user_pref("CT2504091.DialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.DownloadReferralCookieData", "");

user_pref("CT2504091.EMailNotifierPollDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.EnableClickToSearchBox", false);

user_pref("CT2504091.EnableSearchHistory", false);

user_pref("CT2504091.EnableSearchSuggest", false);

user_pref("CT2504091.FeedLastCount129079840422964131", 0);

user_pref("CT2504091.FeedPollDate128891351169457140", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.FeedPollDate129079840422964131", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.FeedTTL128891351169457140", 40);

user_pref("CT2504091.FirstServerDate", "14-4-2012");

user_pref("CT2504091.FirstTime", true);

user_pref("CT2504091.FirstTimeFF3", true);

user_pref("CT2504091.FixPageNotFoundErrors", true);

user_pref("CT2504091.GroupingServerCheckInterval", 1440);

user_pref("CT2504091.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2504091.HPInstall", false);

user_pref("CT2504091.HasUserGlobalKeys", true);

user_pref("CT2504091.Initialize", true);

user_pref("CT2504091.InitializeCommonPrefs", true);

user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);

user_pref("CT2504091.InstallationType", "UnknownIntegration");

user_pref("CT2504091.InstalledDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.IsGrouping", false);

user_pref("CT2504091.IsInitSetupIni", true);

user_pref("CT2504091.IsMulticommunity", false);

user_pref("CT2504091.IsOpenThankYouPage", false);

user_pref("CT2504091.IsOpenUninstallPage", false);

user_pref("CT2504091.LanguagePackLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2504091.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2504091.LastLogin_3.10.0.1", "Sat Apr 14 2012 03:03:29 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.LatestVersion", "3.10.0.1");

user_pref("CT2504091.Locale", "en-us");

user_pref("CT2504091.MCDetectTooltipHeight", "83");

user_pref("CT2504091.MCDetectTooltipShow", false);

user_pref("CT2504091.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT2504091.MCDetectTooltipWidth", "295");

user_pref("CT2504091.MyStuffEnabledAtInstallation", true);

user_pref("CT2504091.OriginalFirstVersion", "3.10.0.1");

user_pref("CT2504091.SearchBackToDefaultEngine", false);

user_pref("CT2504091.SearchCaption", "Web Search");

user_pref("CT2504091.SearchFromAddressBarIsInit", true);

user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");

user_pref("CT2504091.SearchInNewTabEnabled", true);

user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);

user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2504091.SearchInNewTabUserEnabled", false);

user_pref("CT2504091.SearchProtectorToolbarDisabled", true);

user_pref("CT2504091.SendProtectorDataViaLogin", true);

user_pref("CT2504091.ServiceMapLastCheckTime", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SettingsLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.SettingsLastUpdate", "1331729343");

user_pref("CT2504091.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");

user_pref("CT2504091.ThirdPartyComponentsInterval", 504);

user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");

user_pref("CT2504091.ToolbarDisabled", true);

user_pref("CT2504091.ToolbarShrinkedFromSetup", false);

user_pref("CT2504091.TrusteLinkUrl", "http://trust.conduit.com/CT2504091");

user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com

user_pref("CT2504091.UserID", "UN91214868072606966");

user_pref("CT2504091.alertChannelId", "897164");

user_pref("CT2504091.approveUntrustedApps", false);

user_pref("CT2504091.components.1000034", false);

user_pref("CT2504091.components.129079840422182852", false);

user_pref("CT2504091.components.129079840422339107", false);

user_pref("CT2504091.components.129079840422964131", false);

user_pref("CT2504091.components.129079849636241789", false);

user_pref("CT2504091.components.129707804829376918", false);

user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP

user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.homepageProtectorEnableByLogin", true);

user_pref("CT2504091.initDone", true);

user_pref("CT2504091.isAppTrackingManagerOn", true);

user_pref("CT2504091.isSearchProtectorNotifyChanges", false);

user_pref("CT2504091.myStuffEnabled", true);

user_pref("CT2504091.myStuffPublihserMinWidth", 400);

user_pref("CT2504091.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT2504091.myStuffServiceIntervalMM", 1440);

user_pref("CT2504091.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT2504091.navigateToUrlOnSearch", false);

user_pref("CT2504091.revertSettingsEnabled", false);

user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);

user_pref("CT2504091.searchProtectorEnableByLogin", true);

user_pref("CT2504091.testingCtid", "");

user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CT2504091.usagesFlag", 2);

user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"0ed21444a51360e874a1a819c752a8cb1\"");

user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/897164/892962/US", "\"0\"");

user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "C5ZJe6gL80JBW5CuLy+wkg==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "k9un27OkAvkwB2ZmvXxTnA==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:0\"");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");

user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"75babe825203d7a8eecb898dcf55bf17\"");

user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"b751c0bb41b1519d39b2b1c04f5e2cd5\"");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hgeawx3j.default\\conduitCommon\\modules\\3.10.0.1");

user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

user_pref("CommunityToolbar.ToolbarsList", "CT2504091");

user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");

user_pref("CommunityToolbar.globalUserId", "ba44276f-fcb0-410d-a3c2-04510cb3260f");

user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 14 2012 03:03:38 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.notifications.locale", "en");

user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");

user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");

user_pref("CommunityToolbar.notifications.showTrayIcon", false);

user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.notifications.userId", "c3e72112-beb7-4dff-9720-46f9d5b99f4b");

user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "orgnl");

user_pref("extensions.BabylonToolbar.bbDpng", 14);

user_pref("extensions.BabylonToolbar.dfltSrch", false);

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.hmpg", false);

user_pref("extensions.BabylonToolbar.lastDP", 14);

user_pref("extensions.BabylonToolbar.lastVrsnTs", "");

user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");

user_pref("extensions.BabylonToolbar.newTab", false);

user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

user_pref("extensions.BabylonToolbar.propectorlck", 75578083);

user_pref("extensions.BabylonToolbar.smplGrp", "free");

user_pref("extensions.adapter@babylontc.com.install-event-fired", true);

user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);

user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);

user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"www.facebook.com/ai.php?aed=AQLUwDkJhjNqAksNUKXyVp_9tWt0maxFM_BARdKejELJVJmHuB1c099rNSOgl_bl2eNQnFo

user_pref("extensions.toolbar@ask.com.install-event-fired", true);

Emptied folder: C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\minidumps [114 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/10/2013 at 7:51:28.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It seems at some point between MSE and Junkware the PC Cleaner msg. finally went away. :) I'll go on with the next step...


I thought the site looked a little "cheap" but checking its rep I guess it's beyond safe. :blush:

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 09:34:50

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : z - Z-PC

# Boot Mode : Normal

# Running from : C:\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Vuze_Remote

Folder Deleted : C:\Users\z\AppData\Local\APN

Folder Deleted : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Folder Deleted : C:\Users\z\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\Software\GamesBarSetup

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\prefs.js

Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firef[...]

Deleted : user_pref("extensions.gencrawler@some.com.install-event-fired", true);

-\\ Google Chrome v23.0.1271.97

File : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",

Deleted [l.2125] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",

*************************

AdwCleaner[R1].txt - [4282 octets] - [10/01/2013 09:34:06]

AdwCleaner[s1].txt - [4295 octets] - [10/01/2013 09:34:50]

########## EOF - C:\AdwCleaner[s1].txt - [4355 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.10.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

z :: Z-PC [administrator]

Protection: Enabled

1/10/2013 9:49:37 AM

mbam-log-2013-01-10 (09-49-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298595

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Sorry, my internet was shut off during the scan. Since I'm moving this month anyway I won't have any service til next month. Just to be safe I'll do the last steps when I get connected but I can already tell things are much better. :) Thanks a lot for all your help. I'm gonna go over these logs while I'm offline and see if I can't learn something. :lol:


  • 3 weeks later...

Thanks for keeping it open. I've had several problems while offline and have had to restore (and undo restores) multiple times, including dates prior to any of the steps above so I'm sure some old issues crept up again, along with new ones. I now have random shut-offs (even while plugged in and fully charged) and my screen brightness changes out of nowhere while simply browsing and the cooling fans go nuts. Plus MSE is turned off and can't be started (Error 0x8007002). I'll redo all the above tonight or in the morning and get back when I'm at the ESET scan.


  • Staff

OK, good.

Run the following after the ESET scan and post all the logs:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.


ESET scan:

C:\Qoobox\Quarantine\C\ProgramData\Bcool\background.html.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\ProgramData\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx.vir Win32/Adware.MultiPlug.H application

C:\Users\z\.swt\Downloads\Downloads\10_8.exe multiple threats

C:\Users\z\.swt\Downloads\10_8.exe multiple threats

C:\Users\z\.swt\Downloads\jak.htm HTML/Iframe.B.Gen virus

C:\Users\z\.swt\Downloads\jak_001.htm HTML/Iframe.B.Gen virus

C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251 multiple threats

C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc multiple threats


127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++

--- User ---

[MBR] c109e6cbb74cc7ed16fc4a15ef895d59

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02052013_02d0004.txt >>

RKreport[1]_S_02052013_02d0004.txt

RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : z [Admin rights]

Mode : Remove -- Date : 02/05/2013 00:06:01

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Guest.z-PC.000 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED

[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++

--- User ---

[MBR] c109e6cbb74cc7ed16fc4a15ef895d59

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_02052013_02d0006.txt >>

RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt

RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : z [Admin rights]

Mode : Shortcuts HJfix -- Date : 02/05/2013 00:11:08

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 96 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 272 / Fail 0

My documents: Success 4 / Fail 4

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 596 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 283 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_02052013_02d0011.txt >>

RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt ; RKreport[3]_SC_02052013_02d0011.txt


  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\Users\z\.swt\Downloads\Downloads\10_8.exe
C:\Users\z\.swt\Downloads\10_8.exe
C:\Users\z\.swt\Downloads\jak.htm
C:\Users\z\.swt\Downloads\jak_001.htm
C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251
C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

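The staff script above was built by hand from the ESET detections: the live paths went into a File:: block, the two entries already sitting in ComboFix's own quarantine (C:\Qoobox\Quarantine) were left out, and ClearJavaCache:: was added because two hits were in the Java deployment cache. The following is an added example (not code from this thread, from ComboFix or from ESET) that does that transformation from the posted log format; it assumes the line layout "<path> <detection name> <object type>" seen in the ESET post, uses only the two directives the staff script shows, and the sample log lines are constructed from the detections quoted earlier in the thread.

```python
import re

# Constructed sample input: detection lines in the format of the ESET log
# posted earlier in this thread ("<path> <detection name> <object type>").
SAMPLE_ESET_LOG = r"""
C:\Qoobox\Quarantine\C\ProgramData\Bcool\background.html.vir Win32/Adware.MultiPlug.H application
C:\Users\z\.swt\Downloads\Downloads\10_8.exe multiple threats
C:\Users\z\.swt\Downloads\10_8.exe multiple threats
C:\Users\z\.swt\Downloads\jak.htm HTML/Iframe.B.Gen virus
C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251 multiple threats
"""

# A Windows path (drive letter, backslash, anything) followed by either the
# phrase "multiple threats" or an ESET detection name (these always contain
# a "/", which a Windows path never does) and an optional object type such as
# "application" or "virus". The lazy ".+?" lets paths containing spaces work,
# because the remainder must still parse as a detection name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|\S+/\S+(?:\s+[a-z]+)?)$"
)

# Items under ComboFix's quarantine are no longer live on the system and were
# not listed in the staff's File:: block, so they are skipped here too.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
# Any hit under the Java deployment cache triggers the ClearJavaCache:: directive,
# mirroring the staff's script.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def parse_eset_log(text):
    """Return a list of (path, threat) tuples, one per detection line."""
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append((m.group("path"), m.group("threat")))
    return detections


def build_cfscript(detections):
    """Build CFScript text using only the two directives shown in the staff post:
    a File:: block listing each live detected path, plus ClearJavaCache:: when
    any detection sits in the Java deployment cache."""
    live_paths = [
        path for path, _ in detections
        if not path.lower().startswith(QUARANTINE_PREFIX)
    ]
    lines = ["File::"] + live_paths
    if any(JAVA_CACHE_MARKER in path.lower() for path in live_paths):
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_eset_log(SAMPLE_ESET_LOG)))
```

Running it prints the same File:: list the staff posted, followed by ClearJavaCache::. The two filters are the part worth keeping in mind when reading such logs: a detection inside a quarantine folder is a record of something already neutralised, not a live infection, and a hit in the Java cache is better handled by clearing the cache than by deleting one cached jar.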

ComboFix 13-02-03.03 - z 02/05/2013 15:38:15.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4565 [GMT -8:00]

Running from: c:\users\z\.swt\Downloads\Contacts\Desktop\ComboFix.exe

Command switches used :: c:\users\z\.swt\Downloads\Contacts\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\z\.swt\Downloads\10_8.exe"

"c:\users\z\.swt\Downloads\Downloads\10_8.exe"

"c:\users\z\.swt\Downloads\jak.htm"

"c:\users\z\.swt\Downloads\jak_001.htm"

"c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251"

"c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\z\.swt\Downloads\10_8.exe

c:\users\z\.swt\Downloads\Downloads\10_8.exe

c:\users\z\.swt\Downloads\jak.htm

c:\users\z\.swt\Downloads\jak_001.htm

.

.

((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))

.

.

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\dwayne\AppData\Local\temp

2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-05 22:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52066E1F-8327-4433-94FE-0B349F9BCA29}\mpengine.dll

2013-02-05 08:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-03 21:11 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F541064-4E5A-46CF-A492-081BFAFD043F}\gapaengine.dll

2013-02-01 08:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9695A6C0-4CEA-456D-AEF7-67197F4C9227}\mpengine.dll

2013-02-01 07:01 . 2013-02-01 07:02 -------- d-----w- C:\Downloads

2013-01-30 06:02 . 2013-01-30 06:02 -------- d-----w- c:\users\dwayne\AppData\Local\Oberon Media

2013-01-20 01:35 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Free Download Manager

2013-01-19 07:36 . 2013-01-19 07:36 -------- d-----w- c:\users\dwayne\AppData\Roaming\Shockwave

2013-01-18 00:51 . 2013-01-28 18:26 -------- d-----w- c:\program files\Old Movie Maker

2013-01-10 17:58 . 2013-01-28 18:22 -------- d-----w- c:\program files (x86)\ESET

2013-01-10 15:45 . 2013-01-28 18:26 -------- d-----w- c:\windows\ERUNT

2013-01-10 15:44 . 2013-02-03 21:29 -------- d-----w- C:\JRT

2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-09 10:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 10:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 10:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 10:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 10:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 10:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-09 10:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 10:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-09 10:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 10:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-09 08:41 . 2013-01-09 08:41 -------- d-----w- c:\users\z\AppData\Roaming\Malwarebytes

2013-01-09 08:40 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Malwarebytes

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-09 08:40 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\users\z\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-01 16:41 . 2011-09-02 04:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2013-01-30 10:53 . 2012-01-29 17:45 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-09 11:03 . 2012-09-13 10:00 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-01 20:53 . 2012-02-12 09:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-01-01 20:53 . 2012-02-12 09:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2013-01-01 20:53 . 2012-02-12 09:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-12-16 17:11 . 2012-12-22 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 08:18 . 2012-03-30 16:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-07 08:18 . 2011-12-10 05:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-05 17:38 . 2012-02-27 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-12-05 17:37 . 2012-02-25 20:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-12-05 17:37 . 2012-02-25 20:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-11-30 04:45 . 2013-01-09 10:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-29 18:52 . 2012-11-29 18:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-11-29 18:52 . 2012-11-29 18:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-11-29 12:40 . 2012-02-25 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-11-29 12:40 . 2012-02-27 01:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-11-29 12:39 . 2012-02-27 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-11-29 12:39 . 2012-02-27 01:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-11-23 10:29 . 2012-11-23 10:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-23 10:29 . 2011-12-09 03:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-15 20:46 . 2012-02-25 20:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-11-14 07:06 . 2012-12-13 11:00 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 11:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 11:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 11:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 11:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 11:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 11:00 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 11:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 11:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 11:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 11:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 11:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 11:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 11:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 11:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 11:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 11:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 11:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 11:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 11:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 11:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 01:35 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 01:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]

2011-04-20 23:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-11-29 296096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-17 549040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 assd;assd; [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]

S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000Core.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000UA.job

- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab

FF - ProfilePath - c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file)

Toolbar-Locked - (no file)

AddRemove-113270367 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-11551673 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe

AddRemove-UNO® - Undercover™ - c:\progra~2\SHOCKW~1.COM\UNOUND~1\UNWISE.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\04\05\0d\09-\0c?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-02-05 15:51:09

ComboFix-quarantined-files.txt 2013-02-05 23:51

ComboFix2.txt 2013-02-03 21:01

ComboFix3.txt 2013-01-10 14:53

.

Pre-Run: 393,055,653,888 bytes free

Post-Run: 393,963,016,192 bytes free

.

- - End Of File - - 2AD3F31DA49B40373EDE97B6C2025D04

Everything seems to be running fine and CPU usage is much lower than it was before :)


  • Staff

We just have some housekeeping to do now,

Please do the following:

You can delete the DDS, JRT and RogueKiller logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.

Combofix_uninstall_image.jpg

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

  • Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

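As an added example (not part of the staff post or any tool the thread uses), the PowerShell function below audits the three Internet-zone ActiveX settings the post has you change by hand in Inetcpl.cpl: it reads the current user's Internet zone (zone 3) from the registry, compares each setting with the Prompt/Prompt/Disable values the post recommends, and, only when run with -Remediate, writes the recommended value. The action IDs 1001, 1004 and 1201 are IE's standard zone-policy value names for these three settings; the function and helper names are my own.

```powershell
# Added example, not from the forum post: audit (and optionally set) the three
# Internet-zone ActiveX settings the helper walks through in Inetcpl.cpl.
# IE stores per-zone policies as DWORD values under the zone key; zone 3 is the
# Internet zone. Action values: 0 = Enable, 1 = Prompt, 3 = Disable.

$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> friendly name and the value the post recommends.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 1 }  # Prompt
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }  # Disable
}

$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionLabel([int]$v) {
    if ($ActionName.ContainsKey($v)) { $ActionName[$v] } else { "unknown ($v)" }
}

function Test-IEActiveXHardening {
    [CmdletBinding()]
    param(
        [string]$ZoneKey = $InternetZoneKey,
        [switch]$Remediate   # when set, write the recommended value for any non-compliant setting
    )

    if (-not (Test-Path $ZoneKey)) {
        throw "Zone key not found: $ZoneKey"
    }

    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $want = $Recommended[$id].Value
        $have = (Get-ItemProperty -Path $ZoneKey -Name $id -ErrorAction SilentlyContinue).$id

        # A missing value means the zone inherits the template default rather than
        # an explicit setting; report it as not set and treat it as drift.
        $compliant = ($null -ne $have) -and ([int]$have -eq $want)

        if (-not $compliant -and $Remediate) {
            Set-ItemProperty -Path $ZoneKey -Name $id -Value $want -Type DWord
            $have = $want
            $compliant = $true
        }

        [pscustomobject]@{
            ActionId    = $id
            Setting     = $Recommended[$id].Name
            Current     = if ($null -eq $have) { 'not set (template default)' } else { Get-ActionLabel $have }
            Recommended = Get-ActionLabel $want
            Compliant   = $compliant
        }
    }
}

# Usage:
#   Test-IEActiveXHardening | Format-Table -AutoSize   # report only
#   Test-IEActiveXHardening -Remediate                 # report and fix drift
```

Run it without -Remediate first to see which of the three settings differ from the post's recommendation before changing anything.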

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

