Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: andiek1987 on July 12, 2012, 10:20:31 PM
-
I've had my laptop for a long time, but lately it has been REALLY slow and when I ran a few scans it found nothing. Running the scans suggested on here though it found A LOT of stuff. I've been trying to get rid of things off the computer that I don't use or need to try to speed up my computer a little. A few of the programs won't delete though. The two main ones are the couponalert program and the Yontoo levels program. I have attached all the logs that I need.
Superspyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/12/2012 at 11:22 PM
Application Version : 5.1.1002
Core Rules Database Version : 6003
Trace Rules Database Version: 3815
Scan type : Complete Scan
Total Scan Time : 02:39:38
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 810
Memory threats detected : 0
Registry items scanned : 44225
Registry threats detected : 3
File items scanned : 194562
File threats detected : 287
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-2925159559-2628278266-1087649930-1000\Software\Microsoft\Internet Explorer\Main#Start Page [ http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm282^S01025^us&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&si=44276-1XXX197214 ]
Trojan.Agent/Gen
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20090604
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20090604
Adware.Tracking Cookie
C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@google[4].txt [ Cookie:[email protected]/accounts/ ]
.atdmt.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.canalblog.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fr.sitestat.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fr.sitestat.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s02.flagcounter.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.akamai.interclickproxy.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pagetrackr.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pagetrackr.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pagetrackr.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.seniorsavingsdiscounts.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.seniorsavingsdiscounts.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.seniorsavingsdiscounts.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.discount4sale.org [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.discount4sale.org [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.discount4sale.org [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.discount4sale.org [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.discount4sale.org [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
medias.jeu.info [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.oggifinogi.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad6media.fr [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad6media.fr [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.horyzon-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dominionenterprises.112.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaforge.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaforge.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viator.122.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediacet.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.edge7.mediacet.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www4.addfreestats.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clickcare.app10.hubspot.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.app10.hubspot.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
info.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.app10.hubspot.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickcare.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
d.mediaforge.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.animalsexfun.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.animalsexfun.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.animalsexfun.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
*Blocked Russian URL* [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymommacooks.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymommacooks.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymommacooks.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymommacooks.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youjizzteentube.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
matcher.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mtvn.112.2o7.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counters.gigya.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.ilivid.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.updates.mywebsearch.com [ C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYETNBLO.DEFAULT\COOKIES.SQLITE ]
Malware log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.13.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: ANDREA-PC [administrator]
7/12/2012 11:33:55 PM
mbam-log-2012-07-12 (23-33-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235993
Time elapsed: 14 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 53
HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2p.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files\CouponAlert_2p\bar\1.bin -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 9
C:\Program Files\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\gen1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 12
C:\Program Files\CouponAlert_2p\bar\1.bin\2pimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\gen1\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Message\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Andrea at 0:02:43 on 2012-07-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.760 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\IDrive\IDriveE Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\IDrive\IDrivePlugin.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Andrea\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Users\Andrea\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Andrea\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm282^S01025^us&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&si=44276-1XXX197214
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Post-it® Digital Notes: {735abc4c-9266-4008-9ef6-bc60be8de31f} - mscoree.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IDriveE Startup] "c:\idrive\IDrvieEStartup.exe" Hide
uRun: [Akamai NetSession Interface] "c:\users\andrea\appdata\local\akamai\netsession_win.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\pdnotes\PDNotes.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Create a Post-it® Note - c:\program files\3m\pdnotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Artist%20Colony/Images/stg_drm.ocx
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Artist%20Colony/Images/armhelper.ocx
DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} - hxxp://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{461E838F-FB17-4B31-8E0F-A3F52F838F10} : DhcpNameServer = 192.168.13.1
TCP: Interfaces\{CD22D3AD-7079-4657-B535-F56F795C5836} : DhcpNameServer = 192.168.10.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\dyetnblo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&ind=2012052212&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214&searchfor=
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\dyetnblo.default\extensions\{8441a635-f141-4d5a-a974-481eca9a35c8}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\dyetnblo.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\andrea\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.hardId - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15383
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-18 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-19 353688]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-11 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-19 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-19 57656]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-11-8 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-19 44808]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-9-13 157128]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-3-29 84832]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-25 517448]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-29 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
.
=============== Created Last 30 ================
.
2012-07-13 03:32:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 03:32:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 00:07:02 -------- d-----w- c:\program files\Oracle
2012-07-12 20:54:21 -------- d-----w- c:\users\andrea\appdata\local\CRE
2012-07-12 19:12:44 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 06:19:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5bdf314e-a247-4176-adce-4c20c252a9bd}\offreg.dll
2012-07-12 05:56:01 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5bdf314e-a247-4176-adce-4c20c252a9bd}\mpengine.dll
2012-07-11 04:31:52 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 04:31:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:31:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:30:54 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 04:30:53 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 04:30:53 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 03:00:12 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-11 03:00:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-28 20:52:41 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-28 20:52:40 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-28 20:52:39 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-28 20:51:51 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-28 20:24:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-28 20:23:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-28 20:23:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-28 20:23:02 33792 ----a-w- c:\windows\system32\wuapp.exe
.
==================== Find3M ====================
.
2012-07-13 04:03:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 04:03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:06:35.91 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/28/2008 9:58:08 PM
System Uptime: 7/12/2012 11:52:21 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0UK437
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | Microprocessor | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 188.678 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.005 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*IS
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I noticed you have two AV's on your computer. Just make sure that only one is enabled at any time or it will cause conflicts.
Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Click the Open the Misc Tools section button.
- Click on the Misc Tools button
- Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.
***********************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
***********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
So here is the list from HIjackthis. I tried running the aswmbr but my computer crashed mid-scan. I haven't done the combofix yet as I wasn't sure what to do after the crash.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Avery Wizard 4.0
AVG 2011
AVG 2011
AVG 2011
Banctec Service Agreement
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
CCleaner
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
EarthLink Setup Files
EDocs
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
IDrive version 3.4.1 July 27, 2011
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 7 Update 5
JavaFX 2.1.1
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.62.0.1300
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PhotoFiltre
Post-it® Digital Notes
Product Documentation Launcher
QuickSet
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Serif PhotoPlus SE PRO
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
System Requirements Lab
The Print Shop 2.0 Deluxe
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.0
WebEx Support Manager for Internet Explorer
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
Yontoo Layers Client 1.10.01
-
Delete An Uninstall Entry
•Start HijackThis
•Click on the Open the Misc Tools section
•Click on the Open Uninstall Manager button.
•Highlight the entry you want to remove.
•Click Yontoo Layers Client 1.10.01
You can also uninstall
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
as they are no longer needed.
I suspect that the couponalerts program is being triggered by Coupon Printer for Windows. You may have to uninstall this program to get rid of the alerts or you may be able to change the settings to get rid of the alerts.
****************************************************************
If you can't get aswMBR.exe to run please try ComboFix.
-
Ok so I got Java 6 update 31 and 6 update 5, but when I tried to get rid of the last one, I got this error:
Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
Yontoo Layers wouldn't install either (before I got this message).
-
Here is my combofix report
ComboFix 12-07-14.01 - Andrea 07/15/2012 16:26:41.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.661 [GMT -4:00]
Running from: c:\users\Andrea\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPLF121.tmp
c:\users\Andrea\AppData\Roaming\inst.exe
c:\users\Andrea\Documents\~WRL0001.tmp
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 20:45 . 2012-07-15 20:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-15 20:45 . 2012-07-15 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 05:45 . 2012-07-14 05:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA206FF-A04B-407F-AFAB-10CFAE772C36}\offreg.dll
2012-07-13 17:14 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA206FF-A04B-407F-AFAB-10CFAE772C36}\mpengine.dll
2012-07-13 04:04 . 2012-07-13 04:04 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-07-13 04:03 . 2012-07-13 04:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 03:32 . 2012-07-13 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 03:32 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 00:07 . 2012-07-13 00:07 -------- d-----w- c:\program files\Oracle
2012-07-12 20:54 . 2012-07-12 20:54 -------- d-----w- c:\users\Andrea\AppData\Local\CRE
2012-07-12 19:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:31 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 04:31 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:31 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 04:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 04:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 03:00 . 2012-07-11 03:00 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-11 03:00 . 2012-07-11 03:00 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-28 20:52 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-28 20:52 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-28 20:52 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-28 20:51 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-28 20:24 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-28 20:24 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-28 20:24 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-28 20:24 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-28 20:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-28 20:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-28 20:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-28 20:23 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-28 20:23 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 04:03 . 2011-06-26 23:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-06-07 16:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-10-02 14:42 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21 . 2010-12-19 17:37 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-11-18 19:42 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-12-19 17:37 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-12-19 17:37 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-12-19 17:37 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-12-19 17:37 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-12-19 17:37 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-12-19 17:37 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-11 03:00 . 2012-02-12 04:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-23 18:28 . 2009-09-28 17:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 16:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-29 68856]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-06-24 185800]
"Akamai NetSession Interface"="c:\users\Andrea\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-07 255592]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-29 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Post-it(R) Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2009-9-28 6849248]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-13 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-29 07:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 04:03]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:13]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:13]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm282^S01025^us&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&si=44276-1XXX197214
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
IE: Create a Post-it® Note - c:\program files\3M\PDNotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} - hxxp://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\dyetnblo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&ind=2012052212&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214&searchfor=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.hardId - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15383
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Andrea\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-{F850707C-B6A0-4B56-8709-F89CF8F9AC6D} - c:\users\Andrea\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 16:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-15 16:51:13
ComboFix-quarantined-files.txt 2012-07-15 20:51
.
Pre-Run: 204,694,339,584 bytes free
Post-Run: 203,278,852,096 bytes free
.
- - End Of File - - 304FA4ECFA5C0C5378315B9ECD462E85
-
I noticed that you have two AV's on your computer; avast! Antivirus and AVG Anti-Virus Free Edition 2011. Make sure that only one is enabled at any time on your computer otherwise it will cause conflicts.
Please keep trying to run the aswMBR.exe scan in Reply # 1
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
Firefox::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&ind=2012052212&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214&searchfor=
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.hardId - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15383
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************************
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
I tried to run the aswMBR.exe and my computer crashed again. I got a blue screen that said it was dumping my files or something like that and my computer restarted.
Combofix log:
ComboFix 12-07-14.01 - Andrea 07/16/2012 8:23.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.790 [GMT -4:00]
Running from: c:\users\Andrea\Downloads\ComboFix.exe
Command switches used :: c:\users\Andrea\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 12:37 . 2012-07-16 12:42 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-07-16 12:37 . 2012-07-16 12:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-16 12:37 . 2012-07-16 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 22:11 . 2012-07-15 22:12 -------- d-----w- c:\program files\AVG Secure Search
2012-07-15 22:10 . 2012-07-15 22:17 -------- d-----w- c:\programdata\AVG2012
2012-07-15 22:10 . 2012-07-15 22:15 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-15 21:45 . 2012-07-15 21:45 -------- d-----w- c:\users\Andrea\AppData\Local\AVG Secure Search
2012-07-15 21:43 . 2012-07-15 21:51 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-15 21:43 . 2012-07-15 21:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-15 21:13 . 2012-07-15 21:13 -------- d-----w- c:\users\Andrea\AppData\Roaming\AVG2012
2012-07-14 05:45 . 2012-07-14 05:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA206FF-A04B-407F-AFAB-10CFAE772C36}\offreg.dll
2012-07-13 17:14 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA206FF-A04B-407F-AFAB-10CFAE772C36}\mpengine.dll
2012-07-13 04:04 . 2012-07-13 04:04 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-07-13 04:03 . 2012-07-13 04:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 03:32 . 2012-07-13 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 03:32 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 00:07 . 2012-07-13 00:07 -------- d-----w- c:\program files\Oracle
2012-07-12 20:54 . 2012-07-12 20:54 -------- d-----w- c:\users\Andrea\AppData\Local\CRE
2012-07-11 04:31 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 04:31 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:31 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 04:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 03:00 . 2012-07-11 03:00 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-11 03:00 . 2012-07-11 03:00 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-28 20:52 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-28 20:52 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-28 20:52 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-28 20:51 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 04:03 . 2011-06-26 23:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-06-07 16:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-10-02 14:42 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:40 . 2012-07-12 19:12 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-02 22:19 . 2012-06-28 20:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 20:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 20:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 20:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-28 20:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-28 20:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-28 20:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-28 20:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-28 20:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:25 . 2012-07-12 19:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 00:04 . 2012-07-11 04:30 278528 ----a-w- c:\windows\system32\schannel.dll
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-07-11 03:00 . 2012-02-12 04:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-23 18:28 . 2009-09-28 17:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-15 22:11 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-29 68856]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-06-24 185800]
"Akamai NetSession Interface"="c:\users\Andrea\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-07 255592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-15 1107552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-29 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Post-it(R) Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2009-9-28 6849248]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-13 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-29 07:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 04:03]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:13]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:13]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
IE: Create a Post-it® Note - c:\program files\3M\PDNotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} - hxxp://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\dyetnblo.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=FBE4006F-45A9-4B60-9C4A-7CC5F3B78597&n=77ed7af4&p2=^CD^xdm282^S01025^us&si=44276-1XXX197214
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B32d04f3a-1641-4829-8256-aa2aa84d60f3%7D&mid=80823eb1a78ff1f768c3aa55a64de24b-c88ba3e51c26fba784d6210b6b561dec1b0fc419&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-15%2017%3A43%3A54&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.hardId - c6df630f000000000000001644df1832
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15383
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 08:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\atashost.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\idrive\IDriveE Service.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\idrive\IDrivePlugin.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\AVG\AVG2012\avgcfgex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-07-16 08:50:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 12:50
ComboFix2.txt 2012-07-16 12:16
ComboFix3.txt 2012-07-15 20:51
.
Pre-Run: 202,816,274,432 bytes free
Post-Run: 202,678,788,096 bytes free
.
- - End Of File - - A6DF13B7C2CE96ACE0DD81D02D2E2573
Screen317 Check
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Out of date HijackThis installed!
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
CCleaner
JavaFX 2.1.1
Java(TM) 7 Update 5
Java(TM) 6 Update 3
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````[/u]
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 900C2000
Module End: 90180000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: 92DCD000
Module End: 92DD5000
Hidden: Yes
Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: 92DD5000
Module End: 92DD7000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwNotifyChangeKey
Address: 92C76004
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwNotifyChangeMultipleKeys
Address: 92C760D4
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwOpenProcess
Address: 92C75D76
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwTerminateProcess
Address: 92C75E1E
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwTerminateThread
Address: 92C75EBA
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Function Name: ZwWriteVirtualMemory
Address: 92C75F56
Driver Base: 92C75000
Driver End: 92C78000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
Status: Access denied
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
*****************************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I did the ESET scan but it didn't make a log... it did find 1 threat.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1720
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 165):
0x83237000 \SystemRoot\system32\ntkrnlpa.exe
0x83204000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x88C02000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88C73000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88C81000 \SystemRoot\system32\drivers\acpi.sys
0x88CC7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x88CD0000 \SystemRoot\system32\drivers\msisadrv.sys
0x88CD8000 \SystemRoot\system32\drivers\pci.sys
0x88CFF000 \SystemRoot\System32\drivers\partmgr.sys
0x88D0F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88D12000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88D1C000 \SystemRoot\system32\drivers\volmgr.sys
0x88D2B000 \SystemRoot\System32\drivers\volmgrx.sys
0x88D75000 \SystemRoot\system32\DRIVERS\intelide.sys
0x88D7C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88D8A000 \SystemRoot\system32\drivers\pciide.sys
0x88D91000 \SystemRoot\System32\drivers\mountmgr.sys
0x88E07000 \SystemRoot\system32\drivers\iastorv.sys
0x88EA8000 \SystemRoot\system32\drivers\iastor.sys
0x88F66000 \SystemRoot\system32\drivers\atapi.sys
0x88F6E000 \SystemRoot\system32\drivers\ataport.SYS
0x88F8C000 \SystemRoot\system32\drivers\fltmgr.sys
0x88FBE000 \SystemRoot\system32\drivers\fileinfo.sys
0x89007000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89079000 \SystemRoot\system32\drivers\ndis.sys
0x89184000 \SystemRoot\system32\drivers\msrpc.sys
0x891AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8920F000 \SystemRoot\System32\drivers\tcpip.sys
0x892F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8940D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8951D000 \SystemRoot\system32\drivers\volsnap.sys
0x89556000 \SystemRoot\System32\Drivers\spldr.sys
0x8955E000 \SystemRoot\System32\Drivers\mup.sys
0x8956D000 \SystemRoot\System32\drivers\ecache.sys
0x89594000 \SystemRoot\system32\drivers\disk.sys
0x895A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x895C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x895CF000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x895D6000 \SystemRoot\system32\DRIVERS\avgidshx.sys
0x895E7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x895F2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x893D2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CC03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D664000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D666000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D706000 \SystemRoot\System32\drivers\watchdog.sys
0x8D712000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D71D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D75B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D76A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E00A000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8E10C000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8E11C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E12C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E13A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E154000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8E162000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8E176000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8E1C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88FCE000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8E1DA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E1E5000 \SystemRoot\System32\Drivers\TfKbMon.sys
0x8E1ED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x893E1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E1F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E000000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D7F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88DA1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807B7000 \SystemRoot\system32\DRIVERS\storport.sys
0x89200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88DD0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x891EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E409000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E42C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E43B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E44F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E464000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E474000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E476000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E4A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E4AA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E4B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E4EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E4FD000 \SystemRoot\system32\drivers\stwrt.sys
0x8E552000 \SystemRoot\system32\drivers\portcls.sys
0x8E57F000 \SystemRoot\system32\drivers\drmk.sys
0x8E5A4000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E60B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E70E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E7C2000 \SystemRoot\system32\drivers\modem.sys
0x8E7CF000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8E7DD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E7E6000 \SystemRoot\System32\Drivers\Null.SYS
0x8E7ED000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E7F4000 \SystemRoot\System32\drivers\vga.sys
0x8EA09000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA2A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EA32000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EA3A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EA45000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EA53000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EA5C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EA72000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8EABA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EAEC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EB00000 \SystemRoot\system32\drivers\afd.sys
0x8EB48000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EB5F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB61000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8EB6A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EB80000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x8EBBA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EBC8000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x8EBCA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EBDD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8EA00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9000A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90046000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90050000 \SystemRoot\System32\Drivers\dfsc.sys
0x90067000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x9009F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x900B5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x900C2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xA22B0000 \SystemRoot\System32\win32k.sys
0x90180000 \SystemRoot\System32\drivers\Dxapi.sys
0xA24D0000 \SystemRoot\System32\TSDDD.dll
0xA24F0000 \SystemRoot\System32\cdd.dll
0x90199000 \SystemRoot\system32\drivers\luafv.sys
0x901B4000 \SystemRoot\system32\drivers\WudfPf.sys
0x89314000 \SystemRoot\system32\drivers\spsys.sys
0x901CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA803000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAA82D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA837000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA84A000 \SystemRoot\system32\drivers\HTTP.sys
0xAA8B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA8D4000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA8ED000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA902000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA923000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA942000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA97B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA993000 \SystemRoot\System32\DRIVERS\srv2.sys
0x92C0E000 \SystemRoot\System32\DRIVERS\srv.sys
0x92C75000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0x92C78000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x92C7C000 \SystemRoot\system32\drivers\peauth.sys
0x92D5A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x92D64000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92D8C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x92D98000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x92DA0000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0x92DA5000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0x92DCD000 \??\C:\ComboFix\catchme.sys
0x92DD5000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x92C5D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x92C00000 \SystemRoot\system32\DRIVERS\serscan.sys
0x92C66000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77990000 \Windows\System32\ntdll.dll
Processes (total 107):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
600 csrss.exe
644 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\winlogon.exe
948 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\nvvsvc.exe
1520 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\WLTRYSVC.EXE
1660 C:\Windows\System32\BCMWLTRY.EXE
1744 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\wlanext.exe
1788 C:\Windows\System32\svchost.exe
332 C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
404 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
396 C:\Windows\System32\AEstSrv.exe
520 C:\Windows\System32\svchost.exe
540 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12 C:\Windows\System32\atashost.exe
780 C:\Program Files\Bonjour\mDNSResponder.exe
2056 C:\Windows\System32\dlcxcoms.exe
2112 C:\Windows\System32\svchost.exe
2128 C:\IDrive\IDriveE Service.exe
2348 C:\Windows\System32\svchost.exe
2388 C:\Windows\System32\stacsv.exe
3004 C:\Windows\System32\svchost.exe
3084 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
3132 C:\Windows\System32\svchost.exe
3156 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3212 C:\Windows\System32\SearchIndexer.exe
3284 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3320 C:\Windows\System32\dwm.exe
3444 C:\Windows\System32\taskeng.exe
3472 C:\Windows\System32\drivers\XAudio.exe
3868 C:\Windows\System32\taskeng.exe
2080 C:\Windows\System32\svchost.exe
692 C:\IDrive\IDrivePlugin.exe
524 C:\Program Files\DellTPad\Apoint.exe
1172 C:\Windows\OEM02Mon.exe
4044 C:\Windows\System32\WLTRAY.EXE
2024 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
156 C:\Program Files\Dell\MediaDirect\PCMService.exe
1016 C:\Windows\WindowsMobile\wmdSync.exe
740 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
2476 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2472 C:\Program Files\iTunes\iTunesHelper.exe
2576 C:\Program Files\AVG Secure Search\vprot.exe
4036 C:\Windows\ehome\ehtray.exe
3508 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3820 C:\Users\Andrea\AppData\Local\Akamai\netsession_win.exe
1144 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
3200 C:\Program Files\Digital Line Detect\DLG.exe
4108 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4116 C:\Program Files\3M\PDNotes\PDNotes.exe
4128 C:\Program Files\Dell\QuickSet\quickset.exe
5340 C:\Windows\ehome\ehmsas.exe
5764 C:\Windows\System32\svchost.exe
5784 WmiPrvSE.exe
5984 C:\Users\Andrea\AppData\Local\Akamai\netsession_win.exe
2568 C:\Program Files\iPod\bin\iPodService.exe
2892 C:\Program Files\DellTPad\ApMsgFwd.exe
1140 C:\Windows\System32\svchost.exe
4196 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4816 C:\Program Files\DellTPad\hidfind.exe
4896 C:\Program Files\DellTPad\ApntEx.exe
4944 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4988 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
5512 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
3848 C:\Windows\explorer.exe
4216 C:\Windows\System32\taskeng.exe
5068 C:\Windows\System32\sdclt.exe
5328 C:\Windows\System32\svchost.exe
3096 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3040 C:\Windows\System32\svchost.exe
5836 C:\Windows\System32\svchost.exe
3992 C:\Program Files\AVG\AVG2012\avgidsagent.exe
5900 C:\Program Files\AVG\AVG2012\avgwdsvc.exe.old
2516 C:\Program Files\AVG\AVG2012\avgnsx.exe.old
5800 C:\Program Files\AVG\AVG2012\avgemcx.exe.old
2188 C:\Program Files\AVG\AVG2012\avgrsx.exe.old
4688 C:\Program Files\AVG\AVG2012\avgcsrvx.exe.old
5964 C:\Program Files\AVG\AVG2012\avgtray.exe
5944 C:\Windows\System32\svchost.exe
1236 C:\Program Files\Mozilla Firefox\firefox.exe
5436 C:\Program Files\Mozilla Firefox\plugin-container.exe
1780 C:\Program Files\Mozilla Firefox\plugin-container.exe
5736 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
316 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
2744 C:\Windows\System32\SearchProtocolHost.exe
4888 C:\Windows\System32\SearchFilterHost.exe
3312 dllhost.exe
1832 dllhost.exe
2776 C:\Users\Andrea\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05700000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A797 9
Done!
-
Everything looks good now. How's your computer working now?