
Involuntary Downloading of Hidden Files



Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-08-21.01 - Free Bird 08/21/2013  23:24:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2186 [GMT -5:00]
Running from: c:\users\Free Bird\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22  )))))))))))))))))))))))))))))))
.
.
2013-08-22 04:45 . 2013-08-22 04:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 16:10 . 2013-08-20 16:10    --------    d-----w-    c:\program files (x86)\ESET
2013-08-20 15:36 . 2013-08-20 15:53    --------    d-----w-    C:\AdwCleaner
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-08-17 15:53    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-08-17 15:52    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-08-17 15:42    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-08-05 15:54 . 2013-08-05 15:54    --------    d-----w-    c:\programdata\Verizon
2013-08-05 15:54 . 2013-08-17 14:02    --------    d-----w-    c:\users\Free Bird\AppData\Local\Backup Assistant Plus
2013-08-05 15:54 . 2008-12-18 00:22    57344    ----a-w-    c:\windows\SysWow64\ff_vfw.dll
2013-08-05 15:54 . 2008-12-11 18:26    60273    ----a-w-    c:\windows\SysWow64\pthreadGC2.dll
2013-08-05 15:54 . 2013-08-05 15:54    --------    d-----w-    c:\program files (x86)\ffdshow
2013-08-05 15:48 . 2013-08-05 15:48    --------    d-----w-    C:\LGMobileUpgrade
2013-08-05 15:47 . 2013-08-05 15:47    --------    d-----w-    c:\program files (x86)\LG Electronics
2013-08-05 15:45 . 2013-08-05 15:45    5474304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.11.1.msi
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-08-05 15:44 . 2012-09-24 16:34    98304    ----a-r-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
2013-08-05 15:44 . 2011-09-22 17:54    24576    ----a-r-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
2013-07-25 02:28 . 2013-08-14 22:21    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-25 02:27 . 2013-08-14 22:21    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-25 02:27 . 2013-08-14 22:21    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-23 21:12 . 2013-07-27 22:29    --------    d-----w-    c:\programdata\CyberLink
2013-07-23 21:12 . 2013-07-24 00:00    --------    d-----w-    c:\users\Free Bird\AppData\Local\PowerDVD DX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-06-25 08:03 . 2013-06-25 08:03    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-06-25 08:03 . 2013-06-25 08:03    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-06-25 08:03 . 2013-06-25 08:03    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-06-25 08:03 . 2013-06-25 08:03    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-06-25 08:03 . 2013-06-25 08:03    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 19:43    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-08-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon Cloud\V CAST Backup Scheduler.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
AddRemove-DSite - c:\users\FREEBI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-Zip Opener Packages - c:\users\Free Bird\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Free Bird\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-21  23:48:03
ComboFix-quarantined-files.txt  2013-08-22 04:48
.
Pre-Run: 4,850,130,944 bytes free
Post-Run: 4,697,444,352 bytes free
.
- - End Of File - - 81C6FDEF2B92D9503EDE3DE0E5934B28
A36C5E4F47E84449FF07ED3517B43A31
 


I found the problem. Don't rush, we still have work to do.

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

  • Link 2
  • Link 3
  • Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.
If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

In your next reply, post the following log files:

  • RKill log
  • Malwarebytes' Anti-Malware log
  • Kaspersky AVP log

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/22/2013 01:14:12 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/22/2013 01:15:12 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)
 


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Free Bird :: FREEBIRD-PC [administrator]

8/22/2013 1:17:52 PM
mbam-log-2013-08-22 (13-17-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304838
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Free Bird\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

(end)
 


Kaspersky was scanning and began showing a window several times that I needed to update Kaspersky. I left it alone to finish scanning. Four hours later, it had finished and hadn't found anything. I saved the log on my D drive - it took a couple of minutes just to save the log. Now, as I'm trying to open the log so I can copy and post, I notice that the size of the Kaspersky log text file is 173,385 KB!!

I didn't run Kaspersky on my D drive - I only checked the boxes through the C drive, like your instructions said.

I can't post the Kaspersky log here - because I can't open it due to its size. It crashes my notepad... Have I made a mistake? Maybe I'm not saving the right log?


Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.