Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: cis45x on March 06, 2013, 08:18:56 PM
-
Following steps outlined in Topic: IMPORTANT: Read this before requesting malware removal help
# AdwCleaner v2.114 - Logfile created 03/06/2013 at 21:21:54
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sandra - FAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Sandra\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\safesearch.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Sandra\AppData\Local\Conduit
Folder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Sandra\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sandra\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\Smartbar
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3084223
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0 (en-US)
File : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\prefs.js
Found : user_pref("CT3220468.129571859753082121.isToggled_ item0_12", "true");
Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348146845,\"uuid\":931563366019249,\"seq_id\":9,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.Facebook_Mode", "2");
Found : user_pref("CT3220468.Facebook_User_Locale", "en");
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.UserID", "UN62900213641328738");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHi dden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.cbcountry_001", "US");
Found : user_pref("CT3220468.cbfirsttime", "Thu Aug 30 2012 21:55:25 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3220468.defaultSearch", "FALSE");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.hxxp___facebook_conduitapps_c om.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]
Found : user_pref("CT3220468.installId", "fftA869.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Found : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "1");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1347666364182");
Found : user_pref("CT3220468.serviceLayer_services_appsMet adata_lastUpdate", "1348146962629");
Found : user_pref("CT3220468.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1347666364099");
Found : user_pref("CT3220468.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1348146962805");
Found : user_pref("CT3220468.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1347666364143");
Found : user_pref("CT3220468.serviceLayer_services_searchA PI_lastUpdate", "1348146962891");
Found : user_pref("CT3220468.serviceLayer_services_service Map_lastUpdate", "1348146962420");
Found : user_pref("CT3220468.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1347666364043");
Found : user_pref("CT3220468.serviceLayer_services_toolbar Settings_lastUpdate", "1348146962636");
Found : user_pref("CT3220468.serviceLayer_services_transla tion_lastUpdate", "1348146962612");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.toolbarBornServerTime", "31-8-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "20-9-2012");
Found : user_pref("CT3220468.toolbarDisabled", "true");
Found : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1347160843601,,,hxxp[...]
-\\ Google Chrome v25.0.1364.97
File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [13614 octets] - [06/03/2013 21:21:54]
########## EOF - C:\AdwCleaner[R1].txt - [13675 octets] ##########
-
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Sandra :: FAMILY-PC [administrator]
Protection: Enabled
3/6/2013 9:47:22 PM
mbam-log-2013-03-06 (21-47-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217611
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
DDS Report and Attach.txt file attached
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.15.2
Run by Sandra at 22:55:27 on 2013-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.125 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Sandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
uURLSearchHooks: {75e0046f-2275-4bce-9afd-d8da19abdf0b} - <orphaned>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1B31R0YZ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Google Update] "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Spotify Web Helper] "C:\Users\Sandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [Google Updater] "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Sandra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mailsrv2.aldine.k12.tx.us/dwa85W.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://www.mathxl.com/BrowserCheck/wiz/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1AF6C07D-D56A-4831-96CC-26D23B3ED845} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3366C957-967B-4C75-9A7C-303A7994C29C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7B4DAE2E-C7EB-402A-A58D-A10789C2814E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7B4DAE2E-C7EB-402A-A58D-A10789C2814E}\2375942554334333 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20110914&q=
FF - component: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension\components\FFQpBHO3.5.dll
FF - component: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension\components\FFQpBHO3.6.dll
FF - component: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension\components\hpWebPrinting35.dll
FF - component: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension\components\hpWebPrinting36.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sandra\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-23 167072]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-7-12 35840]
.
=============== Created Last 30 ================
.
2013-03-07 03:38:52 -------- d-----w- C:\Users\Sandra\AppData\Roaming\Malwarebytes
2013-03-07 03:38:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-07 03:37:55 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-07 03:37:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-07 02:59:57 -------- d-----w- C:\Program Files\CCleaner
2013-03-06 04:51:22 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-03-06 04:51:22 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-03-06 04:51:22 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-03-06 04:51:22 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-03-06 04:51:22 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-03-06 04:51:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-06 04:51:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-03-03 19:31:01 -------- d-----w- C:\Users\Sandra\AppData\Local\{D7A477ED-E749-4547-8EDA-C547C297179B}
2013-03-03 19:30:36 -------- d-----w- C:\Users\Sandra\AppData\Roaming\Windows Live Writer
2013-03-03 19:30:28 -------- d-----w- C:\Users\Sandra\AppData\Local\Windows Live Writer
2013-03-03 03:11:43 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-02 18:20:00 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-03-02 18:20:00 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2013-03-02 18:20:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2013-03-02 18:20:00 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-03-02 18:18:49 119808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\GoogleDesktopMozilla.dll
2013-02-24 04:43:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 03:28:17 -------- d-----w- C:\Program Files\iPod
2013-02-24 03:28:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 03:28:09 -------- d-----w- C:\Program Files\iTunes
2013-02-24 03:28:09 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-23 23:44:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-23 23:44:32 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-23 23:44:32 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-23 23:44:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-23 23:44:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-23 23:44:30 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-23 23:44:19 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-23 23:44:18 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-23 23:44:17 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-23 23:43:37 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-23 23:42:15 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-23 23:42:15 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-23 23:38:31 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys
2013-02-23 23:38:30 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\srtsp64.sys
2013-02-23 23:38:30 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys
2013-02-23 23:38:30 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\srtspx64.sys
2013-02-23 23:38:30 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys
2013-02-23 23:38:29 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys
2013-02-23 23:38:29 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys
2013-02-23 23:37:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309010.00E
2013-02-16 01:58:12 106088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-16 01:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
.
==================== Find3M ====================
.
2013-03-03 03:11:43 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 03:17:08 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 03:17:08 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-24 04:43:06 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-24 04:43:06 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-13 19:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-12-13 19:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2011-10-18 00:46:02 161736 ----a-w- C:\Program Files (x86)\64res.dll
.
============= FINISH: 22:59:03.85 ===============
[recovering disk space, attachment deleted by admin]
-
Posting Attach.txt file from DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2010 10:52:13 PM
System Uptime: 3/6/2013 8:28:28 PM (2 hours ago)
.
Motherboard: MSI | | Boston
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 180.147 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.156 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP399: 3/3/2013 10:05:36 PM - Scheduled Checkpoint
RP400: 3/4/2013 3:01:45 AM - Windows Update
RP401: 3/5/2013 10:51:34 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
BufferChm
CA Pest Patrol Realtime Protection
CCleaner
Cisco WebEx Meetings
Citrix Presentation Server Client - Web Only
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
Dropbox
Evernote v. 4.5.10
Fax
GIMP 2.6.10
Google Apps
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
Hardware Diagnostic Tools
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Detection
HP Remote Solution
HP Setup
HP Support Information
HP Update
I.R.I.S. OCR
iCloud
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
iTunes
Java 7 Update 15
Java Auto Updater
Jawbone Updater
Jing
Junk Mail filter update
Kies mini
LabelPrint
LightScribe System Software
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.70.0.1100
Media Wizard 3.0 for SGH-I617
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
Norton Internet Security
Photo Story 3 for Windows
Picasa 3
PictureMover
Power2Go
PowerDirector
PowerRecover
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Respondus LockDown Browser
Safari
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 5.10
Sony Ericsson PC Companion 2.02.002
Sony Ericsson Update Engine
Spelling Dictionaries Support For Adobe Reader 9
Spotify
swMSM
TomTom HOME 2.8.3.2458
TomTom HOME Visual Studio Merge Modules
Toolbox
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
Windows Password Recovery Tool 3.0
Yahoo! BrowserPlus 2.9.8
.
==== End Of File ===========================
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
**************************************************
P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
# AdwCleaner v2.114 - Logfile created 03/07/2013 at 16:36:31
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sandra - FAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Sandra\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\safesearch.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Sandra\AppData\Local\Conduit
Folder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Sandra\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sandra\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\Smartbar
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3084223
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-1095697556-1968615680-317863672-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0 (en-US)
File : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\prefs.js
Found : user_pref("CT3220468.129571859753082121.isToggled_ item0_12", "true");
Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348146845,\"uuid\":931563366019249,\"seq_id\":9,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.Facebook_Mode", "2");
Found : user_pref("CT3220468.Facebook_User_Locale", "en");
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.UserID", "UN62900213641328738");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHi dden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.cbcountry_001", "US");
Found : user_pref("CT3220468.cbfirsttime", "Thu Aug 30 2012 21:55:25 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3220468.defaultSearch", "FALSE");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.hxxp___facebook_conduitapps_c om.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]
Found : user_pref("CT3220468.installId", "fftA869.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Found : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "1");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1347666364182");
Found : user_pref("CT3220468.serviceLayer_services_appsMet adata_lastUpdate", "1348146962629");
Found : user_pref("CT3220468.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1347666364099");
Found : user_pref("CT3220468.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1348146962805");
Found : user_pref("CT3220468.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1347666364143");
Found : user_pref("CT3220468.serviceLayer_services_searchA PI_lastUpdate", "1348146962891");
Found : user_pref("CT3220468.serviceLayer_services_service Map_lastUpdate", "1348146962420");
Found : user_pref("CT3220468.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1347666364043");
Found : user_pref("CT3220468.serviceLayer_services_toolbar Settings_lastUpdate", "1348146962636");
Found : user_pref("CT3220468.serviceLayer_services_transla tion_lastUpdate", "1348146962612");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.toolbarBornServerTime", "31-8-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "20-9-2012");
Found : user_pref("CT3220468.toolbarDisabled", "true");
Found : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1347160843601,,,hxxp[...]
-\\ Google Chrome v25.0.1364.152
File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [13669 octets] - [06/03/2013 21:21:54]
AdwCleaner[R2].txt - [13676 octets] - [07/03/2013 16:36:31]
########## EOF - C:\AdwCleaner[R2].txt - [13737 octets] ##########
-
Sorry. I posted the wrong AdwCleaner file. Here is the correct one:
# AdwCleaner v2.114 - Logfile created 03/07/2013 at 20:19:46
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sandra - FAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Sandra\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\safesearch.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Sandra\AppData\Local\Conduit
Folder Deleted : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Sandra\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sandra\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\Smartbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3084223
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0 (en-US)
File : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\prefs.js
Deleted : user_pref("CT3220468.129571859753082121.isToggled_ item0_12", "true");
Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348146845,\"uuid\":931563366019249,\"seq_id\":9,\"ss[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_T HE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.Facebook_Mode", "2");
Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN62900213641328738");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHi dden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.cbcountry_001", "US");
Deleted : user_pref("CT3220468.cbfirsttime", "Thu Aug 30 2012 21:55:25 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.hxxp___facebook_conduitapps_c om.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]
Deleted : user_pref("CT3220468.installId", "fftA869.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Deleted : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "1");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_is FirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_lo ginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarG rouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_service_usage_to olbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrac kingFirstTime_lastUpdate", "1347666364182");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMet adata_lastUpdate", "1348146962629");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenA ppsContextMenu_lastUpdate", "1347666364099");
Deleted : user_pref("CT3220468.serviceLayer_services_login_1 0.10.27.6_lastUpdate", "1348146962805");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAp psContextMenu_lastUpdate", "1347666364143");
Deleted : user_pref("CT3220468.serviceLayer_services_searchA PI_lastUpdate", "1348146962891");
Deleted : user_pref("CT3220468.serviceLayer_services_service Map_lastUpdate", "1348146962420");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbar ContextMenu_lastUpdate", "1347666364043");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbar Settings_lastUpdate", "1348146962636");
Deleted : user_pref("CT3220468.serviceLayer_services_transla tion_lastUpdate", "1348146962612");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "31-8-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "20-9-2012");
Deleted : user_pref("CT3220468.toolbarDisabled", "true");
Deleted : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1347160843601,,,hxxp[...]
-\\ Google Chrome v25.0.1364.152
File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [13669 octets] - [06/03/2013 21:21:54]
AdwCleaner[R2].txt - [13731 octets] - [07/03/2013 16:36:31]
AdwCleaner[R3].txt - [13792 octets] - [07/03/2013 20:18:48]
AdwCleaner[S1].txt - [13638 octets] - [07/03/2013 20:19:46]
########## EOF - C:\AdwCleaner[S1].txt - [13699 octets] ##########
-
Thanks, I'll wait for the other logs.
-
SecurityCheck results:
Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 15
Adobe Flash Player 11.6.602.171
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (19.0)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````[/u]
-
ComboFix Log File
ComboFix 13-03-07.03 - Sandra 03/07/2013 21:47:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.198 [GMT -6:00]
Running from: c:\users\Sandra\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\TelevisionFanaticEI
c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\bing-zugo.xml
c:\users\Sandra\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-08 to 2013-03-08 )))))))))))))))))))))))))))))))
.
.
2013-03-08 04:07 . 2013-03-08 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-07 03:38 . 2013-03-07 03:38 -------- d-----w- c:\users\Sandra\AppData\Roaming\Malwarebytes
2013-03-07 03:37 . 2013-03-07 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 03:37 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-07 02:59 . 2013-03-07 03:00 -------- d-----w- c:\program files\CCleaner
2013-03-06 04:51 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-06 04:51 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-06 04:51 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-06 04:51 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-06 04:51 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-06 04:51 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-06 04:51 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-03 19:30 . 2013-03-03 19:30 -------- d-----w- c:\users\Sandra\AppData\Roaming\Windows Live Writer
2013-03-03 19:30 . 2013-03-03 19:31 -------- d-----w- c:\users\Sandra\AppData\Local\Windows Live Writer
2013-03-03 03:20 . 2013-02-17 07:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-03-03 03:11 . 2013-03-03 03:11 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-02 18:20 . 2013-03-02 18:20 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-03-02 18:20 . 2013-03-02 18:20 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-03-02 18:20 . 2013-03-02 18:20 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2013-03-02 18:20 . 2013-03-02 18:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2013-03-02 18:18 . 2010-07-28 14:52 119808 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\GoogleDesktopMozilla.dll
2013-02-24 04:44 . 2013-02-24 04:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-24 04:43 . 2013-02-24 04:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 03:28 . 2013-02-24 03:28 -------- d-----w- c:\program files\iPod
2013-02-24 03:28 . 2013-02-24 03:31 -------- d-----w- c:\program files\iTunes
2013-02-24 03:28 . 2013-02-24 03:31 -------- d-----w- c:\program files (x86)\iTunes
2013-02-23 23:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-23 23:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-23 23:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-23 23:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-23 23:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-23 23:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-23 23:44 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-23 23:44 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-23 23:44 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-23 23:43 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-23 23:42 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-23 23:42 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-23 23:37 . 2013-02-24 00:31 -------- d-----w- c:\windows\system32\drivers\NISx64\1309010.00E
2013-02-16 01:58 . 2013-02-16 01:58 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-16 01:58 . 2013-02-16 01:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 03:17 . 2012-04-07 16:30 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 03:17 . 2011-06-07 01:09 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 04:43 . 2012-09-22 20:47 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-24 04:43 . 2011-01-12 03:31 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-05 04:49 . 2010-02-13 17:57 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-23 23:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 09:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 19:50 . 2012-12-13 19:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 19:50 . 2012-12-13 19:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-10-18 00:46 . 2011-10-18 00:56 161736 ----a-w- c:\program files (x86)\64res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 39408]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"Spotify Web Helper"="c:\users\Sandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-08 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"Google Updater"="c:\program files (x86)\Google\Google Updater\GoogleUpdater.exe" [2011-10-14 161336]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-19 35840]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-09-11 13352]
R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-07-31 52320]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
R4 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20130307.001\IDSvia64.sys [2013-02-23 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-07 03:24 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 03:17]
.
2013-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 03:05]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 05:15]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 05:15]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1095697556-1968615680-317863672-1001Core.job
- c:\users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 21:09]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1095697556-1968615680-317863672-1001UA.job
- c:\users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 21:09]
.
2013-02-24 c:\windows\Tasks\HPCeeScheduleForSandra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
2013-03-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: k12.tx.us\apps.aldine
Trusted Zone: k12.tx.us\asdat.aldine
Trusted Zone: lonestar.edu\hcm
Trusted Zone: lonestar.edu\jobs
TCP: DhcpNameServer = 192.168.1.254
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mailsrv2.aldine.k12.tx.us/dwa85W.cab
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20110914&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{75e0046f-2275-4bce-9afd-d8da19abdf0b} - (no file)
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
WebBrowser-{75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-07 22:19:10
ComboFix-quarantined-files.txt 2013-03-08 04:19
.
Pre-Run: 193,253,822,464 bytes free
Post-Run: 192,862,957,568 bytes free
.
- - End Of File - - 62D3615B6739DF153DA814742B705C00
-
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
*******************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool.Vista and Windows7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
********************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
-
I have updated to Adobe Reader XI, and ran Rooter.exe. Here is the *.txt file.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 9.10.9200.16521
Mozilla Firefox 19.0 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:286 Go - Free:178 Go )
D:\ [Fixed-NTFS] .. ( Total:11 Go - Free:2 Go )
E:\ [CD_Rom]
G:\ [Removable]
.
Scan : 12:28.10
Path : C:\Users\Sandra\Downloads\Rooter.exe
User : Sandra ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???�?????? (284)
______ ???�?????? (424)
______ ???�?????? (464)
______ ???�?????? (480)
______ ???�?????? (544)
______ ???�?????? (552)
______ ???�?????? (564)
______ ???�?????? (572)
______ ???�?????? (688)
______ ???�?????? (768)
______ ???�?????? (852)
______ ???�?????? (912)
______ ???�?????? (936)
______ ???�?????? (984)
______ ???�?????? (484)
______ ???�?????? (1048)
______ ???�?????? (1252)
______ ???�?????? (1280)
______ ???�?????? (1388)
______ ???�?????? (1440)
______ C:\Windows\SysWOW64\svchost.exe (1492)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1516)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (1576)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (1604)
______ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (1676)
______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1756)
______ ???�?????? (1836)
______ ???�?????? (1892)
______ ???�?????? (2004)
______ ???�?????? (3040)
______ ???�?????? (2720)
______ ???�?????? (2564)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2540)
______ ???�?????? (2524)
______ ???�?????? (2868)
______ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (2224)
______ ???�?????? (2920)
______ ???�?????? (2260)
______ ???�?????? (2012)
______ ???�?????? (2372)
______ ???�?????? (2352)
______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1876)
______ C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (3192)
______ C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (3612)
______ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (3744)
______ ???�?????? (2872)
______ C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (608)
______ C:\Users\Sandra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (4048)
______ c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (3288)
______ C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (3300)
______ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (3152)
______ C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (3536)
______ ???�?????? (3692)
______ C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (3752)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3740)
______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (4056)
______ C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (3868)
______ C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (3464)
______ ???�?????? (3980)
______ ???�?????? (4668)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (4932)
______ ???�?????? (4504)
______ ???�?????? (6004)
______ ???�?????? (6012)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (3736)
______ ???�?????? (5608)
______ ???�?????? (4412)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (6948)
______ ???�?????? (7360)
______ ???�?????? (7272)
______ C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe (10224)
______ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (4492)
______ C:\Users\Sandra\Downloads\Rooter.exe (4644)
______ ???�?????? (7152)
______ ???�?????? (5436)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:307268419584)
\Device\Harddisk0\Partition3 (Start_Offset:307374325760 | Length:12697206784)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1095697556-1968615680-317863672-1001Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1095697556-1968615680-317863672-1001UA.job
C:\Windows\Tasks\HPCeeScheduleForSandra.job
C:\Windows\Tasks\PCDRScheduledMaintenance.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:30.31
.
C:\Rooter$\Rooter_1.txt - (09/03/2013 | 12:30.31)
-
Below is my RogueKiller Report. What do with the items that were found? Delete, Fix Host, Fix Proxy, Fix DNS, Fix Shortcuts???
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sandra [Admin rights]
Mode : Scan -- Date : 03/09/2013 13:59:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] b6985a118407b0eae09b95751187ecb3
[BSP] b41ccdc2bd88c2454c04c6c02a8f26cb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 293034 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600340480 | Size: 12109 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03092013_02d1359.txt >>
RKreport[1]_S_03092013_02d1359.txt
-
What do with the items that were found? Delete, Fix Host, Fix Proxy, Fix DNS, Fix Shortcuts???
Please delete them.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I have been running the ESET scan in IE for the past 6+ hours and it is only at 46%. Any suggestions or ideas why?
-
Ok, please try this one.
Run the BitDefender Online scanner (http://www.bitdefender.com/scanner/online/free.html)
Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.
Post the bdscan.txt file as an Attachment.
-
This was much faster. I have attached the file.
[recovering disk space, attachment deleted by admin]
-
Ok. How's your computer running now? Any other issues before we cleanup?
-
It is still running rather slow. I click to open an application or a file and it takes half a minute or more before it responds.
-
Please try this:
Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.