Jump to content

FBI Moneypak virus, can't enter safe mode

Mo23

By Mo23
in Resolved Malware Removal Logs

 Share

Recommended Posts

Mo23

Mo23

Posted
Posted

Hello, I have the FBI moneypak virus, which blocks me from using the computer. Also, I cannot enter safe mode, only safe mode with command prompt. I am not sure if that is two seperate issues or from the same virus. It seems to be a more familiar problem now and while searching for a solution, I've found fixing the problem is case sensitive to the specific user. Which brings me here seeking any form of help or recommendations. Thank you in advance. 

 

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Kaspersky Windows Unlocker
 
  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the cd/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus  Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter


krd5.jpg

  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally.

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Hi Marius, thank you for offering your assistance to me. So far I have followed all the steps you provided and the computer starts normally. It does state "Warning! Suspicious activity detected". I have taken no further action and awaiting your direction.

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

So I have followed the next set of steps you have listed. Here is the ark.txt content . .

 

 

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-07 16:31:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: yk7x9e7q.exe; Driver: C:\Users\Mo\AppData\Local\Temp\pgldypoc.sys
 
 
---- Devices - GMER 2.1 ----
 
Device  \Driver\aq4y4jlq \Device\Scsi\aq4y4jlq1                                                                             fffffa8009a172c0
Device  \Driver\aq4y4jlq \Device\Scsi\aq4y4jlq1Port1Path0Target0Lun0                                                        fffffa8009a172c0
Device  \FileSystem\Ntfs \Ntfs                                                                                              fffffa80051c12c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{32A1F167-BC0C-430F-8D40-987238B1C92D}                                            fffffa80086d22c0
Device  \Driver\USBSTOR \Device\0000008e                                                                                    fffffa80086fb2c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                    fffffa80099da2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                        fffffa80063f82c0
Device  \Driver\cdrom \Device\CdRom1                                                                                        fffffa80063f82c0
Device  \Driver\USBSTOR \Device\0000008b                                                                                    fffffa80086fb2c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                    fffffa80099da2c0
Device  \Driver\USBSTOR \Device\00000085                                                                                    fffffa80086fb2c0
Device  \Driver\USBSTOR \Device\0000008c                                                                                    fffffa80086fb2c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                    fffffa80099da2c0
Device  \Driver\volmgr \Device\HarddiskVolume1                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\FtControl                                                                                    fffffa80051b92c0
Device  \Driver\volmgr \Device\VolMgrControl                                                                                fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume2                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume3                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume4                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume5                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume6                                                                              fffffa80051b92c0
Device  \Driver\volmgr \Device\HarddiskVolume7                                                                              fffffa80051b92c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                             fffffa80086d22c0
Device  \Driver\USBSTOR \Device\0000008d                                                                                    fffffa80086fb2c0
Device  \Driver\aq4y4jlq \Device\ScsiPort1                                                                                  fffffa8009a172c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                    fffffa80099da2c0
 
---- Modules - GMER 2.1 ----
 
Module  \SystemRoot\System32\Drivers\aq4y4jlq.SYS                                                                           fffff88000d93000-fffff88000dd7000 (278528 bytes)
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1444:3752]                                                      000007fefb892a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1444:3908]                                                      000007fef32fd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1444:532]                                                       000007fef97a5124
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x21 0x25 0x09 0xE2 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x3B 0x9E 0xDD 0x93 ...
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x49 0x12 0xAC 0x06 ...
Reg     HKLM\SYSTEM\ControlSet001\services\ (not active ControlSet)                                                         
Reg     HKLM\SYSTEM\ControlSet001\services\@Parameters\0\x202e\x2764                                                        424
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x21 0x25 0x09 0xE2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x3B 0x9E 0xDD 0x93 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x49 0x12 0xAC 0x06 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764                                                    424
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x21 0x25 0x09 0xE2 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x3B 0x9E 0xDD 0x93 ...
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x49 0x12 0xAC 0x06 ...
Reg     HKLM\SYSTEM\ControlSet003\services\ (not active ControlSet)                                                         
Reg     HKLM\SYSTEM\ControlSet003\services\@Parameters\0\x202e\x2764                                                        424
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                                               unknown MBR code
 
---- EOF - GMER 2.1 ----
Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

I ran Farbar's Recovery Scan Tool and this is the content for the FRST.txt . . 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Mo (administrator) on MO-PC on 07-11-2013 16:34:01
Running from C:\Users\Mo\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
() C:\Windows\system32\dmwu.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [M-Audio Taskbar Icon] - C:\Windows\System32\M-AudioTaskBarIcon.exe [749576 2009-06-22] (Avid Technology, Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [396152 2010-12-20] (BitTorrent, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [Google Update] - C:\Users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-15] (Google Inc.)
HKCU\...\RunOnce: [Application Restart #3] - C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end [844752 2013-10-08] (Google Inc.)
HKCU\...\Winlogon: [shell] Explorer.exe <==== ATTENTION 
MountPoints2: {62f4f558-4f63-11e0-a5c1-40618637c80f} - M:\Setup.exe
MountPoints2: {9a2b1249-ebad-11de-8f19-40618637c80f} - J:\LaunchU3.exe -a
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [sPIRunE] - C:\Windows\\SysWOW64\SPIRunE.dll [18432 2009-03-05] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe [1154416 2011-10-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\Mcx1-MO-PC\...\Winlogon: [shell] Explorer.exe <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll  [1528744 2012-08-08] (iMesh, Inc)
Startup: C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=38B740618637C80F
URLSearchHook: HKLM-x32 - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1173&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2B4A9935-29A9-4487-B332-418C09CEE0F3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1173&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1173&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKLM-x32 - {2B4A9935-29A9-4487-B332-418C09CEE0F3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20121010025529882&tb_oid=26-02-2010&tb_mrud=10-10-2012
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1173&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=122304&tt=gc_&babsrc=SP_ss&mntrId=38B740618637C80F
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=122304&tt=gc_&babsrc=SP_ss&mntrId=38B740618637C80F
SearchScopes: HKCU - {2B4A9935-29A9-4487-B332-418C09CEE0F3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20121010025529882&tb_oid=26-02-2010&tb_mrud=10-10-2012
SearchScopes: HKCU - {6b8a6d87-ed0a-476c-b151-e7a52d1a5c8f} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1173&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8uDFm5z4&i=26
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SelectionLinks - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
BHO-x32: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
BHO-x32: hpBHO Class - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mo\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mo\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Mo\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Mo\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF Extension: No Name - C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\places.sqlite
FF Extension: No Name - C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: No Name - C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: No Name - C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js.orig
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKCU\...\Firefox\Extensions: [happylyrics@hpyproductions.net] - C:\Program Files (x86)\HappyLyrics\FF\
FF Extension: Happy Lyrics - C:\Program Files (x86)\HappyLyrics\FF\
 
Chrome: 
=======
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&affID=122304&tt=gc_&babsrc=SP_ss&mntrId=38B740618637C80F
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Mo\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Mo\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mo\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U19) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Mo\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Mo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Mo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Mo\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Game Face Plugin) - C:\Users\Mo\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Nike Auto size 11.5 Created by Marc) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abnobdmnfefmdgdbnfjmmpcjphimnkpd\1.0_0
CHR Extension: (YouTube) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Web Assistant) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.572_0
CHR Extension: (Nike Auto size 11 Created by Marc) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\egemflmphdncabmhgddepkpomphiggai\3.5_0
CHR Extension: (Nike Auto size 8.5 Created by Marc) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khehghnngddphdgnkdbnahdahhcgknii\3.5_0
CHR Extension: (Google Wallet) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Nike Auto size 10 Created by Marc) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkldllmnbeokpcdlhlllhfkpmejbkag\3.5_0
CHR Extension: (Nike Auto size 12 Created by Marc) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfofcpknomhhgpjhfpjajcdllhoijmn\3.5_0
CHR Extension: (Gmail) - C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mo\AppData\Roaming\BabSolution\CR\delta1.crx
CHR HKLM-x32\...\Chrome\Extension: [jchdohlabppioihejfmjehpagohkenbh] - C:\Program Files (x86)\OApps\chrome-sl.crx
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Mo\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\   \...\???\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
U3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-11-07] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131106.001\IDSvia64.sys [521816 2013-11-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20131107.003\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20131107.003\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-03-20] (Smith Micro Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-03-15] ()
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-11-05] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2009-12-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
U3 aq4y4jlq; C:\Windows\System32\Drivers\aq4y4jlq.sys [0 ] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
U3 pgldypoc; \??\C:\Users\Mo\AppData\Local\Temp\pgldypoc.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-07 16:33 - 2013-11-07 16:33 - 01957098 _____ (Farbar) C:\Users\Mo\Downloads\FRST64.exe
2013-11-07 16:31 - 2013-11-07 16:31 - 00009874 _____ C:\Users\Mo\Desktop\ark.txt
2013-11-07 16:07 - 2013-11-07 16:07 - 00377856 _____ C:\Users\Mo\Downloads\yk7x9e7q.exe
2013-11-07 01:27 - 2013-11-07 10:29 - 00000000 ____D C:\ProgramData\3an373df
2013-11-06 20:04 - 2013-11-07 10:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-25 13:34 - 2013-11-07 10:29 - 00000000 ____D C:\ProgramData\3an373di
2013-10-25 13:34 - 2013-10-25 13:34 - 00000000 ____D C:\Users\Mo\AppData\Roaming\Tific
2013-10-25 13:34 - 2013-10-25 13:34 - 00000000 ____D C:\Users\Mo\AppData\Local\Symantec
2013-10-25 13:22 - 2013-10-25 13:22 - 00000000 ____D C:\FRST
2013-10-24 05:49 - 2013-10-24 10:04 - 00000000 ____D C:\ProgramData\3an373d5
2013-10-24 04:27 - 2013-10-24 10:04 - 00000000 ____D C:\ProgramData\3an373dg
 
==================== One Month Modified Files and Folders =======
 
2013-11-07 16:33 - 2013-11-07 16:33 - 01957098 _____ (Farbar) C:\Users\Mo\Downloads\FRST64.exe
2013-11-07 16:31 - 2013-11-07 16:31 - 00009874 _____ C:\Users\Mo\Desktop\ark.txt
2013-11-07 16:28 - 2010-12-20 03:25 - 00000000 ____D C:\Users\Mo\AppData\Roaming\uTorrent
2013-11-07 16:13 - 2011-03-15 20:42 - 00002354 _____ C:\Users\Mo\Desktop\Google Chrome.lnk
2013-11-07 16:13 - 2011-03-15 20:34 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA.job
2013-11-07 16:13 - 2011-03-15 20:34 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core.job
2013-11-07 16:08 - 2011-03-15 20:34 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA
2013-11-07 16:08 - 2011-03-15 20:34 - 00003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core
2013-11-07 16:07 - 2013-11-07 16:07 - 00377856 _____ C:\Users\Mo\Downloads\yk7x9e7q.exe
2013-11-07 16:01 - 2012-01-19 18:31 - 00000250 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-11-07 15:56 - 2009-07-13 23:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:56 - 2009-07-13 23:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 15:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-07 15:48 - 2009-07-13 23:51 - 00059549 _____ C:\Windows\setupact.log
2013-11-07 10:43 - 2013-11-06 20:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-07 10:29 - 2013-11-07 01:27 - 00000000 ____D C:\ProgramData\3an373df
2013-11-07 10:29 - 2013-10-25 13:34 - 00000000 ____D C:\ProgramData\3an373di
2013-11-07 10:29 - 2012-10-09 21:55 - 00000000 ____D C:\ProgramData\Sendori
2013-11-07 10:28 - 2013-09-05 17:03 - 00000000 ____D C:\ProgramData\3an373dT
2013-11-07 10:28 - 2013-09-05 16:57 - 00000000 ____D C:\ProgramData\3an373dV
2013-11-07 10:28 - 2013-09-05 16:51 - 00000000 ____D C:\ProgramData\3an373dX
2013-11-07 10:28 - 2013-09-05 16:41 - 00000000 ____D C:\ProgramData\3an373d3
2013-11-07 10:28 - 2013-08-30 07:34 - 00000000 ____D C:\ProgramData\3an373d2
2013-11-07 10:27 - 2013-09-05 16:45 - 00000000 ____D C:\ProgramData\3an373d1
2013-11-07 10:27 - 2013-08-28 17:42 - 00000000 ____D C:\ProgramData\3an37333
2013-11-07 10:26 - 2013-05-16 01:48 - 00000000 ____D C:\Program Files (x86)\HappyLyrics
2013-11-07 10:13 - 2009-12-17 02:22 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A94B0677-1603-4AA0-BF18-D817F5F718BD}
2013-11-07 10:10 - 2013-09-08 17:14 - 00000118 _____ C:\Users\Mo\Desktop\Antivirus Security Pro support.url
2013-11-07 10:10 - 2013-08-30 07:41 - 00001668 _____ C:\Users\Mo\Desktop\Antivirus Security Pro.lnk
2013-11-07 10:09 - 2013-02-26 21:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 01:34 - 2009-07-14 00:13 - 00726254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-25 13:35 - 2013-09-05 16:53 - 00000004 _____ C:\Users\Mo\AppData\Roaming\cache.ini
2013-10-25 13:34 - 2013-10-25 13:34 - 00000000 ____D C:\Users\Mo\AppData\Roaming\Tific
2013-10-25 13:34 - 2013-10-25 13:34 - 00000000 ____D C:\Users\Mo\AppData\Local\Symantec
2013-10-25 13:22 - 2013-10-25 13:22 - 00000000 ____D C:\FRST
2013-10-24 10:30 - 2010-01-09 03:32 - 00000000 ____D C:\ProgramData\Recovery
2013-10-24 10:12 - 2013-09-23 19:15 - 00000000 ____D C:\ProgramData\3an373d7
2013-10-24 10:12 - 2013-02-26 21:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-24 10:12 - 2010-02-19 18:16 - 00000000 ____D C:\Users\Mcx1-MO-PC
2013-10-24 10:12 - 2009-12-17 02:21 - 00000000 ___RD C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-24 10:12 - 2009-12-17 02:16 - 00000000 ____D C:\Users\Mo
2013-10-24 10:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-10-24 10:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-24 10:04 - 2013-10-24 05:49 - 00000000 ____D C:\ProgramData\3an373d5
2013-10-24 10:04 - 2013-10-24 04:27 - 00000000 ____D C:\ProgramData\3an373dg
 
Files to move or delete:
====================
C:\Users\Mo\AppData\Roaming\cache.ini
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
 
Some content of TEMP:
====================
C:\Users\Mo\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Mo\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mo\AppData\Local\Temp\htmlayout.dll
C:\Users\Mo\AppData\Local\Temp\Installhelper.dll
C:\Users\Mo\AppData\Local\Temp\Resource.exe
C:\Users\Mo\AppData\Local\Temp\sp58915.exe
C:\Users\Mo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Mo\AppData\Local\Temp\toolbar1888341901.exe
C:\Users\Mo\AppData\Local\Temp\uninstall38153944.exe
C:\Users\Mo\AppData\Local\Temp\uninstall38169061.exe
C:\Users\Mo\AppData\Local\Temp\uninstall38169092.exe
C:\Users\Mo\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mo\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-11-07 02:21
 
==================== End Of Log ============================
Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Regarding the Addition.txt, I am not sure I understand that part. After the initial scan and the FRST.txt is created, then go back and click Addition.txt in the box, while leaving the same items checked off from before and scan? I did not want to continue without clarifying the last step in the procedure.

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

We only need the addition.txt after the first scan with FRST so leave the checkmark next to the field and hit scan - FRST produces two different log files then, FRST.txt and Addition.txt.

If the checkmark isn´t placed, place one and hit scan. Then psot up the addition.txt

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Okay, here is the Addition,txt. . 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Mo at 2013-11-08 16:04:36
Running from C:\Users\Mo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 2.2.0)
1ClickDownloader (x32 Version: 2.1 Build 26473)
Activate Norton Online Backup (x32 Version: 1.1.20.0)
Adobe After Effects CS4 (x32 Version: 9)
Adobe After Effects CS4 Presets (x32 Version: 9)
Adobe AIR (x32 Version: 1.1.0.5790)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Reader 9.4.6 (x32 Version: 9.4.6)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
AOL Messaging Toolbar (HKCU)
AOL Messaging Toolbar (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32)
ATI Catalyst Install Manager (Version: 3.0.765.0)
BearShare (x32 Version: 10.0.0.129023)
BlackBerry USB Drivers (x32 Version: 2.00.0004)
Bonjour (Version: 3.0.0.10)
BrowserProtect (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (x32 Version: 2009.0520.1631.27815)
Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984)
CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984)
CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984)
CCC Help Czech (x32 Version: 2010.0310.1823.32984)
CCC Help Danish (x32 Version: 2010.0310.1823.32984)
CCC Help Dutch (x32 Version: 2010.0310.1823.32984)
CCC Help English (x32 Version: 2010.0310.1823.32984)
CCC Help Finnish (x32 Version: 2010.0310.1823.32984)
CCC Help French (x32 Version: 2010.0310.1823.32984)
CCC Help German (x32 Version: 2010.0310.1823.32984)
CCC Help Greek (x32 Version: 2010.0310.1823.32984)
CCC Help Hungarian (x32 Version: 2010.0310.1823.32984)
CCC Help Italian (x32 Version: 2010.0310.1823.32984)
CCC Help Japanese (x32 Version: 2010.0310.1823.32984)
CCC Help Korean (x32 Version: 2010.0310.1823.32984)
CCC Help Norwegian (x32 Version: 2010.0310.1823.32984)
CCC Help Polish (x32 Version: 2010.0310.1823.32984)
CCC Help Portuguese (x32 Version: 2010.0310.1823.32984)
CCC Help Russian (x32 Version: 2010.0310.1823.32984)
CCC Help Spanish (x32 Version: 2010.0310.1823.32984)
CCC Help Swedish (x32 Version: 2010.0310.1823.32984)
CCC Help Thai (x32 Version: 2010.0310.1823.32984)
CCC Help Turkish (x32 Version: 2010.0310.1823.32984)
ccc-core-static (x32 Version: 2010.0310.1824.32984)
ccc-utility64 (Version: 2010.0310.1824.32984)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conduit Engine (x32 Version: )
Connect (x32 Version: 1.0.0.1)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
Creative Audio Control Panel (x32 Version: 3.00)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101)
DAEMON Tools Toolbar (x32 Version: 1.0.8.0552)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.16.16)
DigiDo (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DivX Setup (x32 Version: 2.6.1.9)
Download Updater (AOL Inc.) (x32)
DVD and CD Cover Print (x32 Version: 3.0)
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU Version: 1.5.3.0)
FL Studio 9 (x32)
Google Chrome (HKCU Version: 30.0.1599.101)
Happy Lyrics (x32)
Hardcore (x32)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Homepage Protection (x32 Version: )
Host OpenAL (x32 Version: 1.00)
HP Advisor (x32 Version: 3.3.12286.3436)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Easy Backup (x32 Version: 1.0.8.0)
HP Games (x32 Version: 1.0.0.71)
HP MediaSmart Demo (x32 Version: 1.00.0000)
HP MediaSmart DVD (x32 Version: 3.0.3420)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (x32 Version: 2.10.0000)
HP Photo Creations (x32 Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Photosmart 5510 series Help (x32 Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0)
HP Remote Solution (x32 Version: 1.1.9.0)
HP Setup (x32 Version: 1.2.3220.3079)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.003.000.004)
HydraVision (x32 Version: 4.2.162.0)
IB Updater Service (x32 Version: 3.0.4.6)
iCloud (Version: 2.1.2.8)
IL Download Manager (x32)
iMesh (x32 Version: 11.0.0.127583)
Incredibar Toolbar  on IE (x32)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Interlok driver setup x64 (Version: 5.8.10)
iTunes (Version: 11.0.3.42)
Java Auto Updater (x32 Version: 2.0.2.1)
Java 6 Update 19 (x32 Version: 6.0.190)
kuler (x32 Version: 2.0)
LabelPrint (x32 Version: 2.5.1901)
LessTabs (x32 Version: 1.7.1.0)
LightScribe System Software (x32 Version: 1.18.8.1)
Live 8.0.9 (x32)
M-Audio Micro Driver 2.0.1 (x64) (Version: 2.0.1)
M-Audio Producer Driver 2.0.1 (x64) (Version: 2.0.1)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Internet Security (x32 Version: 17.9.0.12)
Octoshape add-in for Adobe Flash Player (HKCU)
PDF Settings CS4 (x32 Version: 9.0)
Perfect Resize 7.5.3 (x32 Version: 7.5.3)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
PictureMover (x32 Version: 3.3.1.19)
Pixel Bender Toolkit (x32 Version: 1.0)
PoiZone (x32)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1931)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.74.80.86)
Reason 5.0 (x32 Version: 5.0)
Safari (x32 Version: 5.34.57.2)
Sakura (x32)
Sawer (x32)
Search-Results Toolbar (x32 Version: 1.0.0.12)
SelectionLinks (x32 Version: 1.0)
Sendori (x32 Version: 2.0.15)
Sound Blaster X-Fi (x32 Version: 1.0)
Spotify (HKCU Version: 0.8.1.51.g11500dd6)
Suite Shared Configuration CS4 (x32 Version: 1.0)
Toxic Biohazard (x32)
Tpkd x64 (Version: 5.8.10)
Tunatic (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
uTorrentBar Toolbar (x32 Version: 6.2.6.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Virtual Beat Thang (x32 Version: 1.1.0)
Vyzex MPK49 (x32 Version: Vyzex MPK49 v1.02)
VZAccess Manager (x32 Version: 7.0.11.4)
Web Assistant 2.0.0.572 (Version: 2.0.0.572)
Wincore MediaBar (x32 Version: 4.0.0.3037)
WinRAR archiver (x32)
Yahoo! BrowserPlus 2.9.8 (HKCU)
 
==================== Restore Points  =========================
 
28-08-2013 07:00:11 Windows Update
02-09-2013 01:43:55 Windows Backup
11-09-2013 02:26:27 Windows Backup
27-09-2013 21:51:33 Scheduled Checkpoint
20-10-2013 06:22:36 Scheduled Checkpoint
07-11-2013 07:28:46 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0F6E7F5F-6D3C-4043-B189-A306CDBB93C5} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {1767DD4D-FDBD-4821-9CC9-8EF087B9BE07} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {2C2F3A05-A2ED-4706-B8C8-080853C616FB} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {2EA279A7-0094-4E33-8CE8-E41C2CAF5CA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {30B74D54-A0FF-421A-814E-9843C16B6E9A} - System32\Tasks\Norton Internet Security - Mo - Full System Scan => C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\navw32.exe [2011-09-19] (Symantec Corporation)
Task: {4C22DB12-FEA9-4F4F-87FC-3B63CAAED565} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {4D572ADD-1A9F-4191-B83E-A063FFC8B1EE} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {8CD3C8F8-AF00-48D1-827D-262DB9C6084F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA => C:\Users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: {9A466AB8-DC2F-4319-87E3-145837E9E504} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core => C:\Users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: {B8566BE9-9817-44B3-93CA-3123F6947694} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MO-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {BA136123-1E42-4638-A4BC-CE1C28CC32E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C405D465-1807-42A6-AA75-C988599D8462} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C4F0E5B8-A3EE-41DA-AB53-151FE5EC486D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {CE04A39C-9100-43F0-9F8D-F97845D5F3E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {ECF8B08E-DFE9-4CA8-A396-D9775CA839BE} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {EF525DF1-FF2C-4AFD-8910-C9487304B660} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-07] (Adobe Systems Incorporated)
Task: {FA7593A4-A175-4113-811C-170B6D48C354} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core.job => C:\Users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA.job => C:\Users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\Norton Internet Security - Mo - Full System Scan.job => C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\navw32.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-01-12 11:49 - 2010-01-12 11:49 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-04-18 15:09 - 2010-04-18 15:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-30 19:36 - 2011-10-17 14:01 - 00022896 _____ () C:\Program Files (x86)\Optimum\DigiDo\AffinegyServicePS.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-17 02:21 - 2009-06-03 15:34 - 03764224 _____ () C:\Users\Mo\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-12-17 02:21 - 2009-06-03 15:43 - 01703936 _____ () C:\Users\Mo\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2009-12-09 14:07 - 2009-02-06 21:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-12-09 14:07 - 2009-03-26 17:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-12-09 14:07 - 2009-03-17 06:39 - 00148992 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2011-08-30 19:36 - 2010-08-11 19:29 - 00325632 _____ () C:\Program Files (x86)\Optimum\DigiDo\QtXml4.dll
2011-08-30 19:36 - 2010-08-11 19:29 - 01954304 _____ () C:\Program Files (x86)\Optimum\DigiDo\QtCore4.dll
2011-08-30 19:36 - 2010-08-11 19:29 - 07187456 _____ () C:\Program Files (x86)\Optimum\DigiDo\QtGui4.dll
2011-08-30 19:36 - 2010-08-11 19:29 - 00847360 _____ () C:\Program Files (x86)\Optimum\DigiDo\QtNetwork4.dll
2011-08-30 19:36 - 2011-10-17 13:45 - 00335360 _____ () C:\Program Files (x86)\Optimum\DigiDo\DigiDoFlavor.dll
2012-05-03 18:28 - 2011-08-04 15:28 - 00119808 _____ () C:\Program Files (x86)\Optimum\DigiDo\imageformats\qjpeg4.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-05-03 18:28 - 2011-10-17 13:51 - 01797632 _____ () C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNDR3400LOC.dll
2012-05-03 18:28 - 2011-10-17 13:49 - 01756160 _____ () C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNR3500LOC.dll
2013-04-07 03:54 - 2013-04-07 03:54 - 00306176 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-02-05 02:25 - 2013-02-05 02:25 - 00362029 _____ () C:\Windows\SysWOW64\jmdp\sqlite3.dll
2009-12-01 19:49 - 2009-12-01 19:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2013-07-11 06:59 - 2013-07-11 06:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\80237451e3e28c6dfe596c51493a7954\IsdiInterop.ni.dll
2010-06-08 15:04 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Microsoft:cm9Lea5vrGCrowHpQ1TOuKUfcp
AlternateDataStreams: C:\ProgramData\Microsoft:TDJ4vVnyUR0eBvVKDEx8LJMqyvT
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Mo\Cookies:7AkkSOHiv0tZU1ELMyCCgdFs
AlternateDataStreams: C:\Users\Mo\Local Settings:1x8qmljWjIs6LJ4daG4
AlternateDataStreams: C:\Users\Mo\Local Settings:5I6dUY7FIOUa6EjE46INf9ZOD
AlternateDataStreams: C:\Users\Mo\Local Settings:WDmXtYtdgKLo1xsHxFszz33
AlternateDataStreams: C:\Users\Mo\AppData\Local:1x8qmljWjIs6LJ4daG4
AlternateDataStreams: C:\Users\Mo\AppData\Local:5I6dUY7FIOUa6EjE46INf9ZOD
AlternateDataStreams: C:\Users\Mo\AppData\Local:WDmXtYtdgKLo1xsHxFszz33
AlternateDataStreams: C:\Users\Mo\AppData\Local\Application Data:1x8qmljWjIs6LJ4daG4
AlternateDataStreams: C:\Users\Mo\AppData\Local\Application Data:5I6dUY7FIOUa6EjE46INf9ZOD
AlternateDataStreams: C:\Users\Mo\AppData\Local\Application Data:WDmXtYtdgKLo1xsHxFszz33
AlternateDataStreams: C:\Users\Mo\AppData\Local\Temp:Rco5oSshexl0gLTNqQQJ1xs
AlternateDataStreams: C:\Users\Mo\AppData\Local\Temp:YGNwm2zkmxuDdn33rycXl
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== Faulty Device Manager Devices =============
 
Name: Xbox 360
Description: Xbox 360
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/08/2013 03:54:59 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:58 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30007296 (0x0000000001c9e000) (database page 7325 (0x1C9D)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:58 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30003200 (0x0000000001c9d000) (database page 7324 (0x1C9C)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:53 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:53 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT) (User: )
Description: Catalog Database (1220) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 30015488 (0x0000000001ca0000) (database page 7327 (0x1C9F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (11/08/2013 03:55:26 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (11/08/2013 03:55:26 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/08/2013 03:54:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/08/2013 03:54:16 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (11/08/2013 03:54:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/08/2013 03:53:53 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE
 
Error: (11/07/2013 09:07:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/07/2013 09:07:16 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (11/07/2013 09:07:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/07/2013 09:07:12 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8005202040, 0xfffff80004bee510)C:\Windows\MEMORY.DMP110713-38111-01
 
 
Microsoft Office Sessions:
=========================
Error: (11/08/2013 03:54:59 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:58 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30007296 (0x0000000001c9e000)4096 (0x00001000)-1019 (0xfffffc05)7325 (0x1C9D)
 
Error: (11/08/2013 03:54:58 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30003200 (0x0000000001c9d000)4096 (0x00001000)-1019 (0xfffffc05)7324 (0x1C9C)
 
Error: (11/08/2013 03:54:53 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:53 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
Error: (11/08/2013 03:54:52 PM) (Source: ESENT)(User: )
Description: Catalog Database1220Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb30015488 (0x0000000001ca0000)4096 (0x00001000)-1019 (0xfffffc05)7327 (0x1C9F)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 6135.08 MB
Available physical RAM: 3955.01 MB
Total Pagefile: 12268.35 MB
Available Pagefile: 10335.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:583.33 GB) (Free:455.58 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.74 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

µTorrent
1ClickDownloader
AOL Messaging Toolbar
AOL Messaging Toolbar
BearShare
BrowserProtect
Conduit Engine
DAEMON Tools Toolbar
Delta Chrome Toolbar
Delta toolbar
DigiDo
IB Updater Service
Incredibar Toolbar  on IE
McAfee Security Scan Plus
Microsoft Live Search Toolbar
Search-Results Toolbar
Unity Web Player
uTorrentBar Toolbar
Wincore MediaBar
Yahoo! BrowserPlus


Close the window.

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

I found and removed the list of programs, I then disabled my antivirus and ran CF, here are the results . . 

 

ComboFix 13-11-11.01 - Mo 11/11/2013  20:23:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.4684 [GMT -5:00]
Running from: c:\users\Mo\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\9519~1\A535~1\E628~1\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\@
c:\program files (x86)\Google\Desktop\Install\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\9519~1\A535~1\E628~1\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\U\00000001.@
c:\program files (x86)\Google\Desktop\Install\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\9519~1\A535~1\E628~1\{e82f18dc-32de-da9b-d3f9-6064e851ccae}\U\80000001.@
c:\program files (x86)\HappyLyrics
c:\program files (x86)\HappyLyrics\chrome.crx
c:\program files (x86)\HappyLyrics\FF\chrome.manifest
c:\program files (x86)\HappyLyrics\FF\chrome\content\icon.png
c:\program files (x86)\HappyLyrics\FF\chrome\content\main.js
c:\program files (x86)\HappyLyrics\FF\chrome\content\overlay.xul
c:\program files (x86)\HappyLyrics\FF\install.rdf
c:\program files (x86)\HappyLyrics\Uninstall.exe
c:\program files (x86)\OApps\SeLEctionlinks.dll
c:\users\Mo\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Mo\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Mo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-12 01:31 . 2013-11-12 01:31 -------- d-----w- c:\users\Mcx1-MO-PC\AppData\Local\temp
2013-11-12 01:31 . 2013-11-12 01:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 06:27 . 2013-11-07 15:29 -------- d-----w- c:\programdata\3an373df
2013-11-07 01:04 . 2013-11-07 15:43 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-10-25 18:34 . 2013-11-07 15:29 -------- d-----w- c:\programdata\3an373di
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Roaming\Tific
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Local\Symantec
2013-10-25 18:22 . 2013-10-25 18:22 -------- d-----w- C:\FRST
2013-10-24 10:49 . 2013-10-24 15:04 -------- d-----w- c:\programdata\3an373d5
2013-10-24 09:27 . 2013-10-24 15:04 -------- d-----w- c:\programdata\3an373dg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 22:36 . 2011-10-02 20:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 22:36 . 2013-06-12 01:36 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-14 07:00 . 2009-12-18 13:18 78161360 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-10 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CL2927105NR;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BF22BR305NR;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131110.003\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131110.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:36]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-11-11 c:\windows\Tasks\Norton Internet Security - Mo - Full System Scan.job
- c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\navw32.exe [2011-10-11 22:03]
.
2013-08-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-06-22 749576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - c:\program files (x86)\OApps\SelectionLinks.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-DVD and CD Cover Print - c:\windows\System32\UNWISE.EXE
AddRemove-happylyrics@hpyproductions.net - c:\program files (x86)\HappyLyrics\uninstall.exe
AddRemove-{232A756D-E4B4-4779-9232-DFF5374FC334}_is1 - j:\vyzex mpk49\Win32\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\PictureMover\Bin\PictureMover.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-11-11  20:39:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-12 01:39
.
Pre-Run: 497,623,203,840 bytes free
Post-Run: 498,210,787,328 bytes free
.
- - End Of File - - E8BCB97BE3173AE01123A705E7A9CCFB
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Here is the new log . . 

 

ComboFix 13-11-12.01 - Mo 11/13/2013  21:46:02.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.4559 [GMT -5:00]
Running from: c:\users\Mo\Downloads\ComboFix.exe
Command switches used :: c:\users\Mo\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2013-11-14 02:53 . 2013-11-14 02:53 -------- d-----w- c:\users\Mcx1-MO-PC\AppData\Local\temp
2013-11-14 02:53 . 2013-11-14 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 06:27 . 2013-11-07 15:29 -------- d-----w- c:\programdata\3an373df
2013-11-07 01:04 . 2013-11-07 15:43 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-10-25 18:34 . 2013-11-07 15:29 -------- d-----w- c:\programdata\3an373di
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Roaming\Tific
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Local\Symantec
2013-10-25 18:22 . 2013-10-25 18:22 -------- d-----w- C:\FRST
2013-10-24 10:49 . 2013-10-24 15:04 -------- d-----w- c:\programdata\3an373d5
2013-10-24 09:27 . 2013-10-24 15:04 -------- d-----w- c:\programdata\3an373dg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 08:00 . 2009-12-18 13:18 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-07 22:36 . 2011-10-02 20:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 22:36 . 2013-06-12 01:36 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\3an373d5 ----
.
2013-10-24 10:49 . 2013-10-24 10:49 0 ----a-w- c:\programdata\3an373d5\3an373d5aUgggggg.lg
2013-10-24 10:49 . 2013-10-24 10:53 81 ----a-w- c:\programdata\3an373d5\3an373d5aUgggggg.in
.
---- Directory of c:\programdata\3an373df ----
.
2013-11-07 06:27 . 2013-11-07 06:27 5430 ----a-w- c:\programdata\3an373df\3an373df.ico
2013-11-07 06:27 . 2013-11-07 15:18 628 ----a-w- c:\programdata\3an373df\3an373df.exe.manifest
2013-11-07 06:27 . 2013-11-07 15:18 81 ----a-w- c:\programdata\3an373df\3an373dfaUgggggg.in
2013-11-07 06:27 . 2013-11-07 15:13 16 ----a-w- c:\programdata\3an373df\3an373dfaUgggggg.lg
.
---- Directory of c:\programdata\3an373dg ----
.
2013-10-24 09:27 . 2013-10-24 09:27 81 ----a-w- c:\programdata\3an373dg\3an373dgaUgggggg.in
2013-10-24 09:27 . 2013-10-24 09:27 0 ----a-w- c:\programdata\3an373dg\3an373dgaUgggggg.lg
.
---- Directory of c:\programdata\3an373di ----
.
2013-10-25 18:34 . 2013-10-25 18:36 628 ----a-w- c:\programdata\3an373di\3an373di.exe.manifest
2013-10-25 18:34 . 2013-10-25 18:34 5430 ----a-w- c:\programdata\3an373di\3an373di.ico
2013-10-25 18:34 . 2013-10-25 18:34 0 ----a-w- c:\programdata\3an373di\3an373diaUgggggg.lg
2013-10-25 18:34 . 2013-10-25 18:35 81 ----a-w- c:\programdata\3an373di\3an373diaUgggggg.in
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}]
c:\program files (x86)\OApps\SelectionLinks.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-10 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CL2927105NR;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BF22BR305NR;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131112.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131112.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:36]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-11-11 c:\windows\Tasks\Norton Internet Security - Mo - Full System Scan.job
- c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\navw32.exe [2011-10-11 22:03]
.
2013-08-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-06-22 749576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DVD and CD Cover Print - c:\windows\System32\UNWISE.EXE
AddRemove-happylyrics@hpyproductions.net - c:\program files (x86)\HappyLyrics\uninstall.exe
AddRemove-{232A756D-E4B4-4779-9232-DFF5374FC334}_is1 - j:\vyzex mpk49\Win32\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-13  21:55:40
ComboFix-quarantined-files.txt  2013-11-14 02:55
ComboFix2.txt  2013-11-12 01:39
.
Pre-Run: 502,461,612,032 bytes free
Post-Run: 501,626,806,272 bytes free
.
- - End Of File - - 738C659C62F72DBC348197996770005A
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Okay, I ran Combofix scripting again and I believe it worked, here is the file Combofix.txt file

 

ComboFix 13-11-12.01 - Mo 11/14/2013  16:11:17.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.4819 [GMT -5:00]
Running from: c:\users\Mo\Downloads\ComboFix.exe
Command switches used :: c:\users\Mo\Downloads\CFScript (1).txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Homepage Protection
c:\program files (x86)\Common Files\Homepage Protection\cs-CZ.xml
c:\program files (x86)\Common Files\Homepage Protection\cs.xml
c:\program files (x86)\Common Files\Homepage Protection\da-DK.xml
c:\program files (x86)\Common Files\Homepage Protection\da.xml
c:\program files (x86)\Common Files\Homepage Protection\de-AT.xml
c:\program files (x86)\Common Files\Homepage Protection\de-CH.xml
c:\program files (x86)\Common Files\Homepage Protection\de-DE.xml
c:\program files (x86)\Common Files\Homepage Protection\de.xml
c:\program files (x86)\Common Files\Homepage Protection\en-AU.xml
c:\program files (x86)\Common Files\Homepage Protection\en-CA.xml
c:\program files (x86)\Common Files\Homepage Protection\en-GB.xml
c:\program files (x86)\Common Files\Homepage Protection\en-IE.xml
c:\program files (x86)\Common Files\Homepage Protection\en-IN.xml
c:\program files (x86)\Common Files\Homepage Protection\en-MY.xml
c:\program files (x86)\Common Files\Homepage Protection\en-NZ.xml
c:\program files (x86)\Common Files\Homepage Protection\en-PH.xml
c:\program files (x86)\Common Files\Homepage Protection\en-SG.xml
c:\program files (x86)\Common Files\Homepage Protection\en-TH.xml
c:\program files (x86)\Common Files\Homepage Protection\en-US.xml
c:\program files (x86)\Common Files\Homepage Protection\en.xml
c:\program files (x86)\Common Files\Homepage Protection\es-AR.xml
c:\program files (x86)\Common Files\Homepage Protection\es-CL.xml
c:\program files (x86)\Common Files\Homepage Protection\es-CO.xml
c:\program files (x86)\Common Files\Homepage Protection\es-ES.xml
c:\program files (x86)\Common Files\Homepage Protection\es-MX.xml
c:\program files (x86)\Common Files\Homepage Protection\es-US.xml
c:\program files (x86)\Common Files\Homepage Protection\es-VE.xml
c:\program files (x86)\Common Files\Homepage Protection\es.xml
c:\program files (x86)\Common Files\Homepage Protection\fi-FI.xml
c:\program files (x86)\Common Files\Homepage Protection\fi.xml
c:\program files (x86)\Common Files\Homepage Protection\fr-BE.xml
c:\program files (x86)\Common Files\Homepage Protection\fr-CA.xml
c:\program files (x86)\Common Files\Homepage Protection\fr-CH.xml
c:\program files (x86)\Common Files\Homepage Protection\fr-FR.xml
c:\program files (x86)\Common Files\Homepage Protection\fr.xml
c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
c:\program files (x86)\Common Files\Homepage Protection\hpRegWriter.exe
c:\program files (x86)\Common Files\Homepage Protection\ieCheck.dll
c:\program files (x86)\Common Files\Homepage Protection\it-IT.xml
c:\program files (x86)\Common Files\Homepage Protection\it.xml
c:\program files (x86)\Common Files\Homepage Protection\ja-JP.xml
c:\program files (x86)\Common Files\Homepage Protection\ja.xml
c:\program files (x86)\Common Files\Homepage Protection\ko-KR.xml
c:\program files (x86)\Common Files\Homepage Protection\ko.xml
c:\program files (x86)\Common Files\Homepage Protection\msvcr71.dll
c:\program files (x86)\Common Files\Homepage Protection\nb-NO.xml
c:\program files (x86)\Common Files\Homepage Protection\nb.xml
c:\program files (x86)\Common Files\Homepage Protection\nl-BE.xml
c:\program files (x86)\Common Files\Homepage Protection\nl-NL.xml
c:\program files (x86)\Common Files\Homepage Protection\nl.xml
c:\program files (x86)\Common Files\Homepage Protection\pl-PL.xml
c:\program files (x86)\Common Files\Homepage Protection\pl.xml
c:\program files (x86)\Common Files\Homepage Protection\pt-BR.xml
c:\program files (x86)\Common Files\Homepage Protection\pt.xml
c:\program files (x86)\Common Files\Homepage Protection\ru-RU.xml
c:\program files (x86)\Common Files\Homepage Protection\ru.xml
c:\program files (x86)\Common Files\Homepage Protection\sv-SE.xml
c:\program files (x86)\Common Files\Homepage Protection\sv.xml
c:\program files (x86)\Common Files\Homepage Protection\tr-TR.xml
c:\program files (x86)\Common Files\Homepage Protection\tr.xml
c:\program files (x86)\Common Files\Homepage Protection\uninstall.exe
c:\program files (x86)\Common Files\Homepage Protection\zh-CN.xml
c:\program files (x86)\Common Files\Homepage Protection\zh-HK.xml
c:\program files (x86)\Common Files\Homepage Protection\zh-TW.xml
c:\program files (x86)\OApps
c:\program files (x86)\OApps\chrome-sl.crx
c:\program files (x86)\OApps\dler.exe
c:\program files (x86)\OApps\sl-apl_uninstall.exe
c:\program files (x86)\OApps\status2.txt
c:\program files (x86)\OApps\status3.txt
c:\program files (x86)\Sendori
c:\program files (x86)\Sendori\DynLib.dll
c:\program files (x86)\Sendori\freebl3.dll
c:\program files (x86)\Sendori\install.log
c:\program files (x86)\Sendori\Interop.PCProxyLib.dll
c:\program files (x86)\Sendori\libnspr4.dll
c:\program files (x86)\Sendori\libplc4.dll
c:\program files (x86)\Sendori\libplds4.dll
c:\program files (x86)\Sendori\nss3.dll
c:\program files (x86)\Sendori\nssckbi.dll
c:\program files (x86)\Sendori\nssdbm3.dll
c:\program files (x86)\Sendori\nssutil3.dll
c:\program files (x86)\Sendori\PAD_FILE.xml
c:\program files (x86)\Sendori\Sendori.dll
c:\program files (x86)\Sendori\Sendori.Library.dll
c:\program files (x86)\Sendori\Sendori.Service.exe
c:\program files (x86)\Sendori\sendori32.sys
c:\program files (x86)\Sendori\sendori32.sys.win7
c:\program files (x86)\Sendori\SendoriControl.exe
c:\program files (x86)\Sendori\SendoriLSP.exe
c:\program files (x86)\Sendori\SendoriLSP.ini
c:\program files (x86)\Sendori\SendoriLSP64.exe
c:\program files (x86)\Sendori\SendoriSvc.exe
c:\program files (x86)\Sendori\SendoriTray.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\Sendori\smime3.dll
c:\program files (x86)\Sendori\sndappv2.exe
c:\program files (x86)\Sendori\SndCertDLL.dll
c:\program files (x86)\Sendori\softokn3.dll
c:\program files (x86)\Sendori\SpOrder.dll
c:\program files (x86)\Sendori\sqlite3.dll
c:\program files (x86)\Sendori\ssl3.dll
c:\program files (x86)\Sendori\Uninstall.exe
c:\programdata\3an373d5
c:\programdata\3an373d5\3an373d5aUgggggg.in
c:\programdata\3an373d5\3an373d5aUgggggg.lg
c:\programdata\3an373df
c:\programdata\3an373df\3an373df.exe.manifest
c:\programdata\3an373df\3an373df.ico
c:\programdata\3an373df\3an373dfaUgggggg.in
c:\programdata\3an373df\3an373dfaUgggggg.lg
c:\programdata\3an373dg
c:\programdata\3an373dg\3an373dgaUgggggg.in
c:\programdata\3an373dg\3an373dgaUgggggg.lg
c:\programdata\3an373di
c:\programdata\3an373di\3an373di.exe.manifest
c:\programdata\3an373di\3an373di.ico
c:\programdata\3an373di\3an373diaUgggggg.in
c:\programdata\3an373di\3an373diaUgggggg.lg
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Sendori
-------\Service_Service Sendori
-------\Service_sndappv2
-------\Service_Web Assistant Updater
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-14 to 2013-11-14  )))))))))))))))))))))))))))))))
.
.
2013-11-14 21:50 . 2013-11-14 21:50 -------- d-----w- c:\users\Mcx1-MO-PC\AppData\Local\temp
2013-11-07 01:04 . 2013-11-07 15:43 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Roaming\Tific
2013-10-25 18:34 . 2013-10-25 18:34 -------- d-----w- c:\users\Mo\AppData\Local\Symantec
2013-10-25 18:22 . 2013-10-25 18:22 -------- d-----w- C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 08:00 . 2009-12-18 13:18 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-07 22:36 . 2011-10-02 20:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-07 22:36 . 2013-06-12 01:36 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}]
c:\program files (x86)\OApps\SelectionLinks.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-10 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CL2927105NR;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BF22BR305NR;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131113.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20131113.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:36]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001Core.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411090246-4249194424-3905523700-1001UA.job
- c:\users\Mo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-16 01:34]
.
2013-11-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-11-11 c:\windows\Tasks\Norton Internet Security - Mo - Full System Scan.job
- c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\navw32.exe [2011-10-11 22:03]
.
2013-08-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-06-22 749576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{ABD3B5E1-B268-407B-A150-2641DAB8D898} - c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DVD and CD Cover Print - c:\windows\System32\UNWISE.EXE
AddRemove-happylyrics@hpyproductions.net - c:\program files (x86)\HappyLyrics\uninstall.exe
AddRemove-Homepage Protection - c:\program files (x86)\Common Files\Homepage Protection\uninstall.exe
AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
AddRemove-sl-apl - c:\program files (x86)\OApps\sl-apl_uninstall.exe
AddRemove-{232A756D-E4B4-4779-9232-DFF5374FC334}_is1 - j:\vyzex mpk49\Win32\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PictureMover\Bin\PictureMover.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-11-14  16:59:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-14 21:59
ComboFix2.txt  2013-11-14 02:55
ComboFix3.txt  2013-11-12 01:39
.
Pre-Run: 501,629,452,288 bytes free
Post-Run: 501,497,606,144 bytes free
.
- - End Of File - - FE4B0EEF6A6721A77F6CC2048FA1FD67
Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Downloaded and ran Malwarebytes' Anti-Malware and here is that log

 

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.14.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mo :: MO-PC [administrator]
 
Protection: Enabled
 
11/14/2013 6:41:16 PM
mbam-log-2013-11-14 (18-41-16).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|M:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 541007
Time elapsed: 1 hour(s), 13 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 15
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8A2BBD3A-2130-4882-B198-863271F320DE} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\Interface\{39E6096A-E5CA-483A-A05C-AA967F48FD1C} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www1.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=38B740618637C80F -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 7
C:\Users\Mo\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Chrome (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32 (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Users\Mo\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Mo\AppData\Roaming\OpenCandy\AB6516C24265435BADC0169DCF7C48BA (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
Files Detected: 16
C:\Users\Mo\Downloads\AIM_Install.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Mo\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\Mo\Downloads\mplayer.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Mo\Downloads\Setup (2).exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Mo\Downloads\setup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Mo\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Mo\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\terms-of-service.rtf (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Uninstall.exe (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\UAC-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Users\Mo\AppData\Roaming\OpenCandy\AB6516C24265435BADC0169DCF7C48BA\SendoriSetupx10403.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Here is the list of found threats

 

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\OApps\SeLEctionlinks.dll.vir Win32/AdWare.Facetheme.F application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Users\Mo\Downloads\DownloadSetup (1).exe Win32/InstallMate.A application
C:\Users\Mo\Downloads\DownloadSetup (2).exe Win32/InstallMate.D application
C:\Users\Mo\Downloads\DownloadSetup.exe Win32/InstalleRex.C application
C:\Users\Mo\Downloads\Drive___Soundtrack__2011_.exe Win32/Adware.1ClickDownload application
C:\Users\Mo\Downloads\FLVMPlayer-1.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\FLVMPlayer-2.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\FLVMPlayer.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\SaveAs.exe Win32/InstallMate application
C:\Users\Mo\Downloads\UTPlayer_Setup.exe Win32/InstallMonetizer.AN application
F:\Music - Pineapple laptop\dallas green cover version feat Jay-Z Rihanna.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\Music - Pineapple laptop\Lady GaGa feat. Colby O'Donis - Just Dance (Remixes) - EP.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Please delete:

 

C:\ProgramData\BrowserProtect

C:\Users\All Users\BrowserProtect

 

 

These files

 

C:\Users\Mo\Downloads\DownloadSetup (1).exe Win32/InstallMate.A application
C:\Users\Mo\Downloads\DownloadSetup (2).exe Win32/InstallMate.D application
C:\Users\Mo\Downloads\DownloadSetup.exe Win32/InstalleRex.C application
C:\Users\Mo\Downloads\Drive___Soundtrack__2011_.exe Win32/Adware.1ClickDownload application
C:\Users\Mo\Downloads\FLVMPlayer-1.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\FLVMPlayer-2.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\FLVMPlayer.exe MSIL/Solimba.O application
C:\Users\Mo\Downloads\SaveAs.exe Win32/InstallMate application
C:\Users\Mo\Downloads\UTPlayer_Setup.exe Win32/InstallMonetizer.AN application
F:\Music - Pineapple laptop\dallas green cover version feat Jay-Z Rihanna.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\Music - Pineapple laptop\Lady GaGa feat. Colby O'Donis - Just Dance (Remixes) - EP.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

aren´t malware but contain security risks. I would delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites
Mo23

Mo23

Posted
  • Author
Posted

Adwcleaner.txt

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 18:12:53
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mo - MO-PC
# Running from : C:\Users\Mo\Downloads\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Mo\AppData\Local\iMesh
Folder Deleted : C:\Users\Mo\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mo\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Mo\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Mo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mo\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Mo\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Mo\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mo\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Mo\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Mo\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Mo\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [happylyrics@hpyproductions.net]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Deleted : HKCU\Software\58e8cdeb569ea40
Key Deleted : HKLM\SOFTWARE\58e8cdeb569ea40
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Imesh
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sl-apl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\Software\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\Software\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Mo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [13206 octets] - [18/11/2013 18:00:35]
AdwCleaner[R1].txt - [13271 octets] - [18/11/2013 18:11:57]
AdwCleaner[s0].txt - [12726 octets] - [18/11/2013 18:12:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12787 octets] ##########
 
 
Security Check, checkup.txt
 
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 19  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 10 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-10/worldwide-languages
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.