
mdv_1999

Honorary Members
  • Posts: 34
  1. Cannot get System Restore to work. Every time I get "did not complete successfully", unspecified error "0x80071a90". I tried uninstalling the Avast Anti-Virus software but nothing seems to work. Can you please help? Thanks in advance,
  2. Checkup.txt

     Results of screen317's Security Check version 0.99.51
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.0.1400
     AVG PC Tuneup 2011
     CCleaner
     Java 6 Update 32
     Java 7 Update 7
     Adobe Reader X 10.1.3 Adobe Reader out of Date!
     Mozilla Firefox 14.0.1 Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Not much better.

     ComboFix.txt

     ComboFix 12-09-18.06 - Sleep 09/18/2012 12:06:49.9.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1344 [GMT -4:00]
     Running from: c:\users\Sleep\Downloads\ComboFix.exe
     Command switches used :: c:\users\Sleep\Downloads\CFScript.txt
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Task Scheduler.lnk"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Task Scheduler.lnk
     c:\users\Sleep\AppData\Roaming\Task Scheduler
     c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-18 16:12 . 2012-09-18 16:14 -------- d-----w- c:\users\Sleep\AppData\Local\temp
     2012-09-18 16:12 . 2012-09-18 16:12 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-09-18 16:12 . 2012-09-18 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-09-18 16:12 . 2012-09-18 16:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp
     2012-09-18 16:12 . 2012-09-18 16:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2012-09-17 13:55 . 2012-09-17 13:55 -------- d-----w- c:\program files\Common Files\Java
     2012-09-17 13:55 . 2012-09-17 13:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2012-09-16 05:13 . 2012-09-16 09:20 -------- d-----w- C:\FRST
     2012-09-15 14:47 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
     2012-09-02 21:26 . 2012-09-02 21:26 -------- d-----w- c:\users\Sleep\AppData\Roaming\Nitro PDF
     2012-09-02 21:18 . 2012-07-16 09:13 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
     2012-09-02 21:18 . 2012-07-16 09:13 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\programdata\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Common Files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\users\Sleep\AppData\Roaming\Downloaded Installations
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\users\Sleep\AppData\Roaming\.mono
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\programdata\.mono
     2012-08-29 19:09 . 2000-12-06 02:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
     2012-08-29 19:09 . 1999-06-03 12:51 381712 ----a-w- c:\windows\system32\MSWLESS.OCX
     2012-08-29 19:09 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
     2012-08-29 19:09 . 1997-07-19 17:55 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
     2012-08-29 19:09 . 2000-05-22 02:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
     2012-08-29 19:09 . 1998-06-24 02:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
     2012-08-22 15:35 . 2012-08-22 17:30 -------- d-----w- c:\programdata\HitmanPro
     2012-08-22 10:31 . 2012-08-22 10:31 -------- d-----w- c:\users\Sleep\AppData\Local\{88B67A84-EC44-11E1-8270-B8AC6F996F26}
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-09-17 13:55 . 2012-05-03 12:44 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
     2012-09-07 21:04 . 2012-04-05 23:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-08-22 16:59 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
     2012-08-22 10:32 . 2012-04-05 03:36 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-08-22 10:32 . 2011-06-10 13:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-01 18:13 . 2012-08-01 18:13 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
     2012-08-01 18:13 . 2012-08-01 18:13 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
     2012-07-18 17:10 . 2012-08-15 04:15 2344448 ----a-w- c:\windows\system32\win32k.sys
     2012-07-16 09:14 . 2012-07-16 09:14 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
     2012-07-04 21:23 . 2012-08-15 04:15 41472 ----a-w- c:\windows\system32\browcli.dll
     2012-07-04 21:23 . 2012-08-15 04:15 102912 ----a-w- c:\windows\system32\browser.dll
     2012-06-29 00:16 . 2012-08-15 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll
     2012-06-29 00:09 . 2012-08-15 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll
     2012-06-29 00:08 . 2012-08-15 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-06-29 00:04 . 2012-08-15 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-06-29 00:00 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-07-14 00:17 . 2012-08-12 15:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
     .
     c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     HUD 3.6.0.lnk - c:\program files\Fonality\HUD3.6\HUD3.exe [2011-6-7 315392]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
     2008-07-10 04:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
     2008-07-10 04:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
     2007-08-31 14:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
     .
     R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
     R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S0 nlem32nt;nlem32nt; [x]
     S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
     S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
     S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
     S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
     S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [x]
     S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
     S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
     S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
     S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     pinetmgr
     sscdbus
     NWSLP
     procexp90
     WacomVKHid
     usb_rndisx
     lhidusb
     winpowerrmi
     TSHWMDTCP
     w200mdfl
     radclock
     cebdaldr
     dm1service
     fasttrackinstallerservice
     se27unic
     ups
     ma_cmidi_installerservice
     tosrfsnd
     GoToAssist
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:32]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     mWindow Title =
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.2.1
     FF - ProfilePath - c:\users\Sleep\AppData\Roaming\Mozilla\Firefox\Profiles\zhni10w2.default\
     FF - prefs.js: network.proxy.type - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKLM-Run-Task Scheduler - c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\WLANExt.exe
     c:\windows\system32\conhost.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
     c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\windows\system32\taskhost.exe
     c:\windows\system32\conhost.exe
     c:\program files\Hotspot Shield\bin\openvpntray.exe
     c:\windows\system32\sppsvc.exe
     c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
     .
     **************************************************************************
     .
     Completion time: 2012-09-18 12:17:39 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-09-18 16:17
     ComboFix2.txt 2012-09-17 13:35
     ComboFix3.txt 2012-09-16 05:00
     ComboFix4.txt 2012-09-15 14:12
     ComboFix5.txt 2012-09-18 16:05
     .
     Pre-Run: 261,073,063,936 bytes free
     Post-Run: 261,254,696,960 bytes free
     .
     - - End Of File - - 571A43EC8C192E791C0F8AD1D13D6863
  4. Yes it does. I'm unable to access the Desktop or the Start menu. I pressed ALT+CTRL+DEL, accessed the Task Manager, and deleted Task Scheduler under the Processes tab. The program closes, but desktop items and the taskbar don't show up. Just a blank screen. I rebooted the computer into Safe Mode with Networking, logged into System Configuration (msconfig), and disabled both Task Schedulers under the Start-Up tab (why are there two??). Rebooted the computer. Everything seems fine when it's disabled. But that means this hasn't been resolved, just suppressed. Below is the screenshot of both Task Schedulers.
  5. Nothing at the moment. Should I leave Task Scheduler disabled?

     ComboFix.txt

     ComboFix 12-09-16.01 - Sleep 09/17/2012 9:25.8.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1210 [GMT -4:00]
     Running from: c:\users\Sleep\Downloads\ComboFix.exe
     Command switches used :: c:\users\Sleep\Downloads\CFScript.txt
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-17 13:31 . 2012-09-17 13:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp
     2012-09-17 13:31 . 2012-09-17 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-09-17 13:31 . 2012-09-17 13:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2012-09-16 05:13 . 2012-09-16 09:20 -------- d-----w- C:\FRST
     2012-09-15 14:47 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
     2012-09-14 23:52 . 2012-09-14 23:52 -------- d-----w- c:\users\Sleep\AppData\Roaming\Task Scheduler
     2012-09-06 15:12 . 2012-09-17 13:32 -------- d-----w- c:\users\Sleep\AppData\Local\temp
     2012-09-02 21:26 . 2012-09-02 21:26 -------- d-----w- c:\users\Sleep\AppData\Roaming\Nitro PDF
     2012-09-02 21:18 . 2012-07-16 09:13 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
     2012-09-02 21:18 . 2012-07-16 09:13 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\programdata\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Common Files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\users\Sleep\AppData\Roaming\Downloaded Installations
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\users\Sleep\AppData\Roaming\.mono
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\programdata\.mono
     2012-08-29 19:09 . 2000-12-06 02:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
     2012-08-29 19:09 . 1999-06-03 12:51 381712 ----a-w- c:\windows\system32\MSWLESS.OCX
     2012-08-29 19:09 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
     2012-08-29 19:09 . 1997-07-19 17:55 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
     2012-08-29 19:09 . 2000-05-22 02:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
     2012-08-29 19:09 . 1998-06-24 02:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
     2012-08-22 15:35 . 2012-08-22 17:30 -------- d-----w- c:\programdata\HitmanPro
     2012-08-22 10:31 . 2012-08-22 10:31 -------- d-----w- c:\users\Sleep\AppData\Local\{88B67A84-EC44-11E1-8270-B8AC6F996F26}
     2012-08-19 07:01 . 2012-08-19 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-09-07 21:04 . 2012-04-05 23:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-08-22 16:59 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
     2012-08-22 10:32 . 2012-04-05 03:36 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-08-22 10:32 . 2011-06-10 13:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-01 18:13 . 2012-08-01 18:13 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
     2012-08-01 18:13 . 2012-08-01 18:13 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
     2012-07-18 17:10 . 2012-08-15 04:15 2344448 ----a-w- c:\windows\system32\win32k.sys
     2012-07-16 09:14 . 2012-07-16 09:14 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
     2012-07-04 21:23 . 2012-08-15 04:15 41472 ----a-w- c:\windows\system32\browcli.dll
     2012-07-04 21:23 . 2012-08-15 04:15 102912 ----a-w- c:\windows\system32\browser.dll
     2012-06-29 00:16 . 2012-08-15 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll
     2012-06-29 00:09 . 2012-08-15 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll
     2012-06-29 00:08 . 2012-08-15 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-06-29 00:04 . 2012-08-15 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-06-29 00:00 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-07-14 00:17 . 2012-08-12 15:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
     .
     c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     HUD 3.6.0.lnk - c:\program files\Fonality\HUD3.6\HUD3.exe [2011-6-7 315392]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKLM\~\startupfolder\C:^Users^Sleep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Task Scheduler.lnk]
     path=c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Task Scheduler.lnk
     backup=c:\windows\pss\Task Scheduler.lnk.Startup
     backupExtension=.Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
     2008-07-10 04:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
     2008-07-10 04:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
     2007-08-31 14:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Task Scheduler]
     2012-09-14 23:52 129024 ----a-w- c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe
     .
     R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
     R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S0 nlem32nt;nlem32nt; [x]
     S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
     S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
     S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
     S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
     S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [x]
     S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
     S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
     S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
     S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - 90312042
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     pinetmgr
     sscdbus
     NWSLP
     procexp90
     WacomVKHid
     usb_rndisx
     lhidusb
     winpowerrmi
     TSHWMDTCP
     w200mdfl
     radclock
     cebdaldr
     dm1service
     fasttrackinstallerservice
     se27unic
     ups
     ma_cmidi_installerservice
     tosrfsnd
     GoToAssist
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:32]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     mWindow Title =
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 10.1.10.1
     FF - ProfilePath - c:\users\Sleep\AppData\Roaming\Mozilla\Firefox\Profiles\zhni10w2.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\WLANExt.exe
     c:\windows\system32\conhost.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
     c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\windows\system32\taskhost.exe
     c:\windows\system32\conhost.exe
     c:\program files\Hotspot Shield\bin\openvpntray.exe
     c:\windows\system32\sppsvc.exe
     .
     **************************************************************************
     .
     Completion time: 2012-09-17 09:35:51 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-09-17 13:35
     ComboFix2.txt 2012-09-16 05:00
     ComboFix3.txt 2012-09-15 14:12
     ComboFix4.txt 2012-09-06 15:17
     ComboFix5.txt 2012-09-17 13:24
     .
     Pre-Run: 261,879,013,376 bytes free
     Post-Run: 261,843,267,584 bytes free
     .
     - - End Of File - - 3947BBFDD9FEF2027DE188C25ADA7B64
  6. Just ran the Kaspersky VPT again. No threats were detected. By the way, the VPT log posted earlier was also my second run of the virus scanner. I accidentally closed it during a scan the first time, so that's why there's no log about the first 3 Java virus components detected. The log above was the rerun. I hope this isn't too confusing. Although I had Kaspersky delete all issues when found, would you still be able to help me eradicate any Java issue if there's any left?

     Kaspersky VPT---> No Threats Detected
  7. I reran Kaspersky. No threats were detected. By the way, the log sent earlier was also my second run of the virus scanner. I accidentally closed it the first time during the scan, so that's why there's no log about the first 3 Java virus components detected. The log above was the rerun. I hope this isn't too confusing. I had Kaspersky delete them when found. Would you still be able to help me eradicate any Java issue if there's any left?

     • Kaspersky---> No Threats Detected
  8. Actually, I have yet to re-enable the Task Scheduler. Should I? Here's the thing. My PC was running the Virus Removal Tool and I accidentally closed it, so the log below is incomplete. It also detected 3 virus components that said something about a Java attachment. By the way, lately every time I reboot my system, Java says that an update is available. I normally close it. But once I did click update, and it said I already have the current Java.

     KasperskyVRTlog.txt

     Status: Deleted (events: 3)
     9/16/2012 11:24:02 AM Deleted Trojan program Trojan.Win32.BHO.cgqs C:\Qoobox\Quarantine\C\Users\Sleep\AppData\Local\Apple Computer\Adobe\cphlzlw.dll.vir High
     9/16/2012 11:24:14 AM Deleted Trojan program Trojan.Win32.Diple.flaf C:\Qoobox\Quarantine\C\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\Threat Expert\shmeuv.dll.vir High
     9/16/2012 11:24:14 AM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\TDSSKiller_Quarantine\22.08.2012_12.57.02\zasubsys0000\zafs0000\tsk0001.dta High
  9. My initial issue: I had to disable Task Scheduler in order to avoid the FBI MoneyPak virus popup. Somehow it's attached to it. I also attached a screenshot of AutoRuns in the first post so you can help me uninstall or disable unnecessary/unwanted services.

     Fixlog.txt

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-09-2012 02
     Ran by SYSTEM at 2012-09-16 02:26:28 Run:1
     Running from F:\
     ==============================================
     C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e} moved successfully.
     C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L not found.
     C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U not found.
     C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e} moved successfully.
     C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L not found.
     C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\Threat Expert not found.
     C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U not found.
     ==== End of Fixlog ====
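The posts above (the "why are there two?" question about the disabled Task Scheduler entries, and the FBI MoneyPak popup tied to that entry) come down to one artefact that the ComboFix logs show in several autorun locations: a binary called "Task Scheduler.exe" living under the user's AppData\Roaming, registered in the HKLM Run key, in the Startup folder as a .lnk, and in the msconfig startupreg backup. Below is an added triage script; it is not code from this thread, from ComboFix, or from Malwarebytes. It reads the "Reg Loading Points" style of a ComboFix log, flags any autorun whose target runs from a user-writable directory or borrows a Windows component's name while living outside \windows, and groups findings by target executable so that one implant registered in three places shows up as one binary with three loading points. The sample log text is constructed to mirror the thread's entries, and the lure-name list and path markers are heuristics chosen for this example, not anything ComboFix defines.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the thread's ComboFix "Reg Loading Points"
# section. It is not a verbatim copy of the pasted log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"Task Scheduler"="c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe" [2012-09-14 129024]
.
c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HUD 3.6.0.lnk - c:\program files\Fonality\HUD3.6\HUD3.exe [2011-6-7 315392]
Task Scheduler.lnk - c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe [2012-9-14 129024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 04:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Task Scheduler]
2012-09-14 23:52 129024 ----a-w- c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe
'''

# A Windows path ending in an executable-type extension, as ComboFix prints it.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|cpl|scr|bat|cmd|vbs|js))\b', re.IGNORECASE)

# Heuristic markers chosen for this example (assumption, not a ComboFix rule):
# directories a standard user can write to, so malware can drop binaries there.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
# Names that read like Windows components; "task scheduler" is the lure used in this thread.
LURE_NAMES = {'task scheduler', 'svchost', 'explorer', 'winlogon', 'csrss',
              'lsass', 'services', 'taskhost'}


@dataclass
class Finding:
    loading_point: str   # registry key or Startup folder the entry was found under
    entry: str           # value name or .lnk name
    target: str          # executable the entry launches
    reasons: list        # why it was flagged


def suspicion_reasons(path):
    """Return the list of heuristic reasons a launch target looks suspicious."""
    p = path.lower()
    reasons = []
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append('runs from a user-writable directory')
    stem = p.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if stem in LURE_NAMES and '\\windows\\' not in p:
        reasons.append('name mimics a Windows component but lives outside \\windows')
    return reasons


def _entry_name(line, context):
    """Derive a display name for the autorun entry from the log line or its key."""
    m = re.match(r'"([^"]+)"=', line)          # "Name"="path" form (Run keys)
    if m:
        return m.group(1)
    left = line.split(' - ', 1)[0]
    if left.lower().endswith('.lnk'):          # "Name.lnk - path" form (Startup folder)
        return left
    return context.rsplit('\\', 1)[-1]         # startupreg\<Name> form


def triage(log_text):
    """Walk the log, tracking the current key/folder, and collect flagged autoruns."""
    context = '<unknown>'
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue                            # ComboFix uses a lone "." as a separator
        if line.startswith('[') and line.endswith(']'):
            context = line.strip('[]')          # registry key header
            continue
        if re.match(r'[a-z]:\\', line, re.IGNORECASE) and line.endswith('\\'):
            context = line                      # a Startup-folder listing follows
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        reasons = suspicion_reasons(target)
        if reasons:
            findings.append(Finding(context, _entry_name(line, context), target, reasons))
    return findings


def group_by_target(findings):
    """Map each flagged executable (lower-cased) to every loading point that starts it."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.target.lower(), []).append(f.loading_point)
    return grouped


if __name__ == '__main__':
    for target, points in group_by_target(triage(SAMPLE_LOG)).items():
        print(target)
        for point in points:
            print('   loaded from:', point)
```

Grouping by target is the part worth keeping: disabling a single startup entry in msconfig, as the poster did, removes one loading point but leaves the others, which is why the same name kept reappearing. The heuristics are deliberately narrow (path location and name mimicry) so they can be read and adjusted; a real triage would add signature and hash checks on the target file.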
  10. ComboFix.txt

     ComboFix 12-09-15.02 - Sleep 09/16/2012 0:49.7.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1353 [GMT -4:00]
     Running from: c:\users\Sleep\Downloads\ComboFix.exe
     Command switches used :: c:\users\Sleep\Desktop\CFScript.txt
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     FILE ::
     "c:\windows\system32\temp.000"
     "c:\windows\system32\temp.001"
     "c:\windows\system32\temp.002"
     "c:\windows\system32\temp.003"
     "c:\windows\system32\temp.004"
     "c:\windows\system32\temp.005"
     "c:\windows\system32\temp.006"
     "c:\windows\system32\temp.007"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\system32\temp.000
     c:\windows\system32\temp.001
     c:\windows\system32\temp.002
     c:\windows\system32\temp.003
     c:\windows\system32\temp.004
     c:\windows\system32\temp.005
     c:\windows\system32\temp.006
     c:\windows\system32\temp.007
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-16 04:55 . 2012-09-16 04:55 -------- d-----w- c:\users\TEMP\AppData\Local\temp
     2012-09-16 04:55 . 2012-09-16 04:55 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-09-16 04:55 . 2012-09-16 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-09-16 04:55 . 2012-09-16 04:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2012-09-14 23:52 . 2012-09-14 23:52 -------- d-----w- c:\users\Sleep\AppData\Roaming\Task Scheduler
     2012-09-06 15:12 . 2012-09-16 04:57 -------- d-----w- c:\users\Sleep\AppData\Local\temp
     2012-09-02 21:26 . 2012-09-02 21:26 -------- d-----w- c:\users\Sleep\AppData\Roaming\Nitro PDF
     2012-09-02 21:18 . 2012-07-16 09:13 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
     2012-09-02 21:18 . 2012-07-16 09:13 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\programdata\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\program files\Common Files\Nitro PDF
     2012-09-02 21:17 . 2012-09-02 21:17 -------- d-----w- c:\users\Sleep\AppData\Roaming\Downloaded Installations
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\users\Sleep\AppData\Roaming\.mono
     2012-08-30 01:15 . 2012-08-30 01:15 -------- d-----w- c:\programdata\.mono
     2012-08-29 19:09 . 2000-12-06 02:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
     2012-08-29 19:09 . 1999-06-03 12:51 381712 ----a-w- c:\windows\system32\MSWLESS.OCX
     2012-08-29 19:09 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
     2012-08-29 19:09 . 1997-07-19 17:55 1347344 ----a-w- c:\windows\system32\MSVBVM50.DLL
     2012-08-29 19:09 . 2000-05-22 02:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
     2012-08-29 19:09 . 1998-06-24 02:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
     2012-08-22 15:35 . 2012-08-22 17:30 -------- d-----w- c:\programdata\HitmanPro
     2012-08-22 10:31 . 2012-08-22 10:31 -------- d-----w- c:\users\Sleep\AppData\Local\{88B67A84-EC44-11E1-8270-B8AC6F996F26}
     2012-08-19 07:01 . 2012-08-19 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
     2012-08-18 11:38 . 2012-08-18 11:38 -------- d-----w- c:\users\Sleep\AppData\Local\IsolatedStorage
     2012-08-18 11:38 . 2012-08-18 11:38 -------- d-----w- c:\users\Sleep\AppData\Local\C3C_Software
     2012-08-18 11:23 . 2012-09-15 06:11 -------- d-----w- c:\program files\Final Impression
     2012-08-17 15:21 . 2012-08-18 19:18 -------- d-----w- c:\users\Sleep\AppData\Roaming\FileZilla
     2012-08-17 09:51 . 1999-05-15 04:24 97280 ----a-w- c:\windows\system32\vspell32.ocx
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-09-07 21:04 . 2012-04-05 23:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-08-22 16:59 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
     2012-08-22 10:32 . 2012-04-05 03:36 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-08-22 10:32 . 2011-06-10 13:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-01 18:13 . 2012-08-01 18:13 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
     2012-08-01 18:13 . 2012-08-01 18:13 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
     2012-07-18 17:10 . 2012-08-15 04:15 2344448 ----a-w- c:\windows\system32\win32k.sys
     2012-07-16 09:14 . 2012-07-16 09:14 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
     2012-07-04 21:23 . 2012-08-15 04:15 41472 ----a-w- c:\windows\system32\browcli.dll
     2012-07-04 21:23 . 2012-08-15 04:15 102912 ----a-w- c:\windows\system32\browser.dll
     2012-06-29 00:16 . 2012-08-15 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll
     2012-06-29 00:09 . 2012-08-15 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll
     2012-06-29 00:08 . 2012-08-15 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-06-29 00:04 . 2012-08-15 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-06-29 00:00 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-07-14 00:17 . 2012-08-12 15:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
     .
     c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     HUD 3.6.0.lnk - c:\program files\Fonality\HUD3.6\HUD3.exe [2011-6-7 315392]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Sleep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Task Scheduler.lnk] path=c:\users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Task Scheduler.lnk backup=c:\windows\pss\Task Scheduler.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2008-07-10 04:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2008-07-10 04:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-08-31 14:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Task Scheduler] 2012-09-14 23:52 129024 ----a-w- c:\users\Sleep\AppData\Roaming\Task Scheduler\Task Scheduler.exe . 
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 nlem32nt;nlem32nt; [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x] S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [x] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x] S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs pinetmgr sscdbus NWSLP procexp90 WacomVKHid usb_rndisx lhidusb winpowerrmi TSHWMDTCP w200mdfl radclock cebdaldr dm1service fasttrackinstallerservice se27unic ups ma_cmidi_installerservice tosrfsnd GoToAssist . Contents of the 'Scheduled Tasks' folder . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Sleep\AppData\Roaming\Mozilla\Firefox\Profiles\zhni10w2.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,54,b3,07,38,b7,c2,43,97,80,7b,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Hotspot Shield\bin\openvpntray.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2012-09-16 01:00:11 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-16 05:00 ComboFix2.txt 2012-09-15 14:12 ComboFix3.txt 2012-09-06 15:17 ComboFix4.txt 2012-09-02 02:34 . Pre-Run: 261,048,311,808 bytes free Post-Run: 263,015,075,840 bytes free . - - End Of File - - 051C1DF8AC7ECD674342D7E320D9D930 FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02 Ran by SYSTEM at 16-09-2012 01:20:15 Running from F:\ Windows 7 Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) 
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKU\TEMP\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Startup: C:\Users\Sleep\Start Menu\Programs\Startup\HUD 3.6.0.lnk ShortcutTarget: HUD 3.6.0.lnk -> C:\Program Files\Fonality\HUD3.6\HUD3.exe () Startup: C:\Users\Sleep\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) =================== 2 GoToAssist; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation) 2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [476016 2012-08-02] () 2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [408944 2012-08-02] (AnchorFree Inc.) 
3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-08-02] () 2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [387440 2012-08-02] () 2 ma_cmidi_installerservice; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation) 3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation) 2 NitroDriverReadSpool2; "C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe" [184840 2012-07-16] (Nitro PDF Software) 2 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x] 4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x] 2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ==================== Drivers (Whitelisted) ==================== 3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-16] (Broadcom Corporation) 1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.) 0 nlem32nt; C:\Windows\System32\Drivers\nlem32nt.sys [69656 2009-12-01] () 0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-07-12] (Sonic Solutions) 3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc) 3 VIACRX86; C:\Windows\System32\DRIVERS\viacr.sys [59392 2009-07-13] (VIA Technologies, Inc. ) 3 catchme; \??\C:\ComboFix\catchme.sys [x] 0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x] 3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x] 0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x] ==================== NetSvcs (Whitelisted) =================== NETSVC: pinetmgr -> No Registry Path. NETSVC: sscdbus -> No Registry Path. NETSVC: NWSLP -> No Registry Path. NETSVC: procexp90 -> No Registry Path. NETSVC: WacomVKHid -> No Registry Path. 
NETSVC: usb_rndisx -> No Registry Path. NETSVC: lhidusb -> No Registry Path. NETSVC: winpowerrmi -> No Registry Path. NETSVC: TSHWMDTCP -> No Registry Path. NETSVC: w200mdfl -> No Registry Path. NETSVC: radclock -> No Registry Path. NETSVC: cebdaldr -> No Registry Path. NETSVC: dm1service -> No Registry Path. NETSVC: fasttrackinstallerservice -> No Registry Path. NETSVC: se27unic -> No Registry Path. NETSVC: ups -> No Registry Path. NETSVC: ma_cmidi_installerservice -> No Registry Path. NETSVC: tosrfsnd -> No Registry Path. NETSVC: GoToAssist -> No Registry Path. ==================== One Month Created Files and Folders ======== 2012-09-15 21:13 - 2012-09-16 01:20 - 00000000 ____D C:\FRST 2012-09-15 21:13 - 2012-09-15 21:13 - 00904140 ____A (Farbar) C:\Users\Sleep\Downloads\FRST.exe 2012-09-15 21:00 - 2012-09-15 21:00 - 00013366 ____A C:\ComboFix.txt 2012-09-15 06:04 - 2012-09-15 20:46 - 04754503 ____R (Swearware) C:\Users\Sleep\Downloads\ComboFix.exe 2012-09-14 21:58 - 2012-09-14 22:00 - 00002247 ____A C:\Users\Sleep\Desktop\New Text Document.txt 2012-09-14 18:06 - 2012-09-14 18:06 - 00540921 ____A C:\Users\Sleep\Downloads\Autoruns.zip 2012-09-14 15:52 - 2012-09-14 15:52 - 00000000 ____D C:\Users\Sleep\AppData\Roaming\Task Scheduler 2012-09-03 15:11 - 2012-09-15 20:56 - 00002528 ____A C:\Windows\PFRO.log 2012-09-03 15:11 - 2012-09-03 15:11 - 00448984 ____A C:\Windows\System32\FNTCACHE.DAT 2012-09-02 13:26 - 2012-09-02 13:26 - 00000000 ____D C:\Users\Sleep\AppData\Roaming\Nitro PDF 2012-09-02 13:18 - 2012-07-16 01:13 - 00027144 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll 2012-09-02 13:18 - 2012-07-16 01:13 - 00018440 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll 2012-09-02 13:17 - 2012-09-02 13:17 - 00002019 ____A C:\Users\Public\Desktop\Nitro Pro 7.lnk 2012-09-02 13:17 - 2012-09-02 13:17 - 00000000 ____D C:\Users\Sleep\AppData\Roaming\Downloaded Installations 2012-09-02 13:17 - 2012-09-02 13:17 - 00000000 ____D C:\Users\All 
Users\Nitro PDF 2012-09-02 13:17 - 2012-09-02 13:17 - 00000000 ____D C:\Program Files\Nitro PDF 2012-09-02 13:17 - 2012-09-02 13:17 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF 2012-09-01 21:00 - 2012-09-15 21:02 - 00002240 ____A C:\Windows\setupact.log 2012-09-01 21:00 - 2012-09-01 21:00 - 00000000 ____A C:\Windows\setuperr.log 2012-09-01 18:22 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-09-01 18:22 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-09-01 18:22 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-09-01 18:22 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-09-01 18:22 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-09-01 18:22 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-09-01 18:22 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-09-01 18:22 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-09-01 18:21 - 2012-09-15 21:00 - 00000000 ____D C:\Qoobox 2012-09-01 09:59 - 2012-09-01 09:59 - 00124872 ____A C:\Users\Sleep\AppData\Local\GDIPFONTCACHEV1.DAT 2012-09-01 07:52 - 2012-09-01 07:52 - 02322184 ____A (ESET) C:\Users\Sleep\Downloads\esetsmartinstaller_enu.exe 2012-08-30 18:59 - 2012-08-30 18:59 - 00000000 ____D C:\Users\Sleep\Documents\OneNote Notebooks 2012-08-30 14:17 - 2012-08-30 14:17 - 10900795 ____A ( ) C:\Users\Sleep\Downloads\nemopdfconverter.exe 2012-08-29 17:15 - 2012-08-29 17:15 - 00000000 ____D C:\Users\Sleep\AppData\Roaming\.mono 2012-08-29 17:15 - 2012-08-29 17:15 - 00000000 ____D C:\Users\All Users\.mono 2012-08-29 17:06 - 2012-08-29 17:09 - 05505024 ____A (Wheels4Deals, LLC ) C:\Users\Sleep\Downloads\wheels4_setup.exe 2012-08-29 11:18 - 2012-08-29 11:18 - 00001222 ____A C:\Users\Administrator\Desktop\Craigs List & eBay Export.lnk 2012-08-29 11:09 - 2000-12-05 18:00 - 00109248 ____A (Microsoft Corporation) C:\Windows\System32\MSWINSCK.OCX 2012-08-29 11:09 - 2000-05-21 18:00 - 00115920 ____A 
(Microsoft Corporation) C:\Windows\System32\MSINET.OCX 2012-08-29 11:09 - 1999-06-03 04:51 - 00381712 ____A (Microsoft Corporation) C:\Windows\System32\MSWLESS.OCX 2012-08-29 11:09 - 1998-06-23 18:00 - 00137000 ____A (Microsoft Corporation) C:\Windows\System32\MSMAPI32.OCX 2012-08-29 11:09 - 1998-06-17 21:00 - 00089360 ____A (Microsoft Corporation) C:\Windows\System32\VB5DB.DLL 2012-08-29 11:09 - 1997-07-19 09:55 - 01347344 ____A (Microsoft Corporation) C:\Windows\System32\MSVBVM50.DLL 2012-08-29 11:01 - 2012-08-29 11:01 - 07642472 ____A (PrimaSoft PC, Inc. ) C:\Users\Sleep\Downloads\cardealp.exe 2012-08-29 10:57 - 2012-08-29 11:02 - 60743063 ____A C:\Users\Sleep\Downloads\DS5_Setup.exe 2012-08-22 07:36 - 2012-08-22 07:36 - 07758424 ____A (SurfRight B.V.) C:\Users\Sleep\Downloads\HitmanPro36.exe 2012-08-22 07:35 - 2012-08-22 09:30 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-08-22 02:32 - 2012-09-15 20:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-22 02:31 - 2012-08-22 02:31 - 00000000 ____D C:\Users\Sleep\AppData\Local\{88B67A84-EC44-11E1-8270-B8AC6F996F26} 2012-08-18 23:01 - 2012-08-18 23:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2012-08-18 23:01 - 2012-08-18 23:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2012-08-18 03:38 - 2012-08-18 03:38 - 00000000 ____D C:\Users\Sleep\AppData\Local\IsolatedStorage 2012-08-18 03:38 - 2012-08-18 03:38 - 00000000 ____D C:\Users\Sleep\AppData\Local\C3C_Software 2012-08-18 03:23 - 2012-09-14 22:11 - 00000000 ____D C:\Program Files\Final Impression 2012-08-18 03:23 - 2012-08-18 03:38 - 00000000 ____D C:\Users\Sleep\Documents\Final Impression 2012-08-18 03:22 - 2012-09-14 22:10 - 11375074 ____A ( ) C:\Users\Sleep\Downloads\fisetup.exe 2012-08-17 22:02 - 2012-08-17 22:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2012-08-17 07:21 - 2012-08-18 11:18 - 00000000 ____D C:\Users\Sleep\AppData\Roaming\FileZilla 2012-08-17 01:57 - 
2012-08-17 07:16 - 00000025 ____A C:\Windows\.prj 2012-08-17 01:51 - 2012-08-17 01:51 - 07209190 ____A C:\Users\Sleep\Downloads\pgbreeze.exe 2012-08-17 01:51 - 1999-05-14 20:24 - 00097280 ____A (Visual Components, Inc.) C:\Windows\System32\vspell32.ocx ==================== 3 Months Modified Files ================== 2012-09-15 21:14 - 2012-07-13 02:04 - 01311349 ____A C:\Windows\WindowsUpdate.log 2012-09-15 21:13 - 2012-09-15 21:13 - 00904140 ____A (Farbar) C:\Users\Sleep\Downloads\FRST.exe 2012-09-15 21:11 - 2010-01-28 15:35 - 00845612 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-15 21:10 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-15 21:10 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-15 21:02 - 2012-09-01 21:00 - 00002240 ____A C:\Windows\setupact.log 2012-09-15 21:02 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-15 21:00 - 2012-09-15 21:00 - 00013366 ____A C:\ComboFix.txt 2012-09-15 20:57 - 2012-08-22 02:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-15 20:57 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini 2012-09-15 20:56 - 2012-09-03 15:11 - 00002528 ____A C:\Windows\PFRO.log 2012-09-15 20:46 - 2012-09-15 06:04 - 04754503 ____R (Swearware) C:\Users\Sleep\Downloads\ComboFix.exe 2012-09-15 18:49 - 2011-01-29 04:53 - 00000426 ____A C:\Windows\BRWMARK.INI 2012-09-14 22:10 - 2012-08-18 03:22 - 11375074 ____A ( ) C:\Users\Sleep\Downloads\fisetup.exe 2012-09-14 22:00 - 2012-09-14 21:58 - 00002247 ____A C:\Users\Sleep\Desktop\New Text Document.txt 2012-09-14 18:06 - 2012-09-14 18:06 - 00540921 ____A C:\Users\Sleep\Downloads\Autoruns.zip 2012-09-08 13:30 - 2011-11-29 10:16 - 00050551 ____A C:\Users\Sleep\Documents\ANAG Books '11.xlsx 2012-09-07 13:04 - 2012-04-05 15:14 - 00022856 ____A (Malwarebytes 
Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-03 15:11 - 2012-09-03 15:11 - 00448984 ____A C:\Windows\System32\FNTCACHE.DAT 2012-09-02 13:17 - 2012-09-02 13:17 - 00002019 ____A C:\Users\Public\Desktop\Nitro Pro 7.lnk 2012-09-01 21:00 - 2012-09-01 21:00 - 00000000 ____A C:\Windows\setuperr.log 2012-09-01 09:59 - 2012-09-01 09:59 - 00124872 ____A C:\Users\Sleep\AppData\Local\GDIPFONTCACHEV1.DAT 2012-09-01 07:52 - 2012-09-01 07:52 - 02322184 ____A (ESET) C:\Users\Sleep\Downloads\esetsmartinstaller_enu.exe 2012-08-30 19:04 - 2011-04-12 13:44 - 00000000 ____A C:\Users\Sleep\Documents\Nuance Image Printer Writer Port 2012-08-30 14:17 - 2012-08-30 14:17 - 10900795 ____A ( ) C:\Users\Sleep\Downloads\nemopdfconverter.exe 2012-08-29 17:09 - 2012-08-29 17:06 - 05505024 ____A (Wheels4Deals, LLC ) C:\Users\Sleep\Downloads\wheels4_setup.exe 2012-08-29 11:18 - 2012-08-29 11:18 - 00001222 ____A C:\Users\Administrator\Desktop\Craigs List & eBay Export.lnk 2012-08-29 11:02 - 2012-08-29 10:57 - 60743063 ____A C:\Users\Sleep\Downloads\DS5_Setup.exe 2012-08-29 11:01 - 2012-08-29 11:01 - 07642472 ____A (PrimaSoft PC, Inc. ) C:\Users\Sleep\Downloads\cardealp.exe 2012-08-22 08:59 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-08-22 07:36 - 2012-08-22 07:36 - 07758424 ____A (SurfRight B.V.) 
C:\Users\Sleep\Downloads\HitmanPro36.exe 2012-08-22 02:32 - 2012-04-04 19:36 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-08-22 02:32 - 2011-06-10 05:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-08-19 23:05 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini 2012-08-17 07:16 - 2012-08-17 01:57 - 00000025 ____A C:\Windows\.prj 2012-08-17 01:51 - 2012-08-17 01:51 - 07209190 ____A C:\Users\Sleep\Downloads\pgbreeze.exe 2012-08-16 11:26 - 2012-08-16 11:26 - 00009235 ____A C:\Users\Sleep\Downloads\2004_converted.html 2012-08-16 10:48 - 2012-08-16 10:48 - 03626414 ____A (Word-Pdf-Convert Software, Inc. ) C:\Users\Sleep\Downloads\free_all_to_image_jpg_jpeg_bmp_tiff_png_converter.exe 2012-08-14 23:02 - 2011-11-24 08:48 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-08-14 06:57 - 2012-08-14 06:57 - 00001110 ____A C:\Users\Public\Desktop\Hotspot Shield Launch.lnk 2012-08-14 06:56 - 2012-08-14 06:56 - 00000000 ____A C:\Windows\System32\cd.dat 2012-08-12 07:56 - 2012-08-12 07:56 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-08-10 08:33 - 2012-08-10 08:33 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-08-01 10:13 - 2012-08-01 10:13 - 00035560 ____A (AnchorFree Inc.) 
C:\Windows\System32\Drivers\hssdrv6.sys 2012-08-01 10:13 - 2012-08-01 10:13 - 00033512 ____A (AnchorFree Inc) C:\Windows\System32\Drivers\taphss.sys 2012-07-30 00:20 - 2009-07-13 20:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-20 06:47 - 2010-12-24 09:38 - 00079106 ____A C:\Users\Sleep\Documents\Client List.xlsx 2012-07-19 08:39 - 2012-01-09 20:27 - 00171381 ____A C:\Users\Sleep\Documents\Client List '11.xlsx 2012-07-19 08:38 - 2011-01-29 04:57 - 00128947 ____A C:\Users\Sleep\Documents\Books '11.xlsx 2012-07-18 09:10 - 2012-08-14 20:15 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-16 01:14 - 2012-07-16 01:14 - 00069640 ____A (Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE 2012-07-16 01:13 - 2012-09-02 13:18 - 00027144 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll 2012-07-16 01:13 - 2012-09-02 13:18 - 00018440 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll 2012-07-15 06:42 - 2011-02-08 07:02 - 02055429 ____A C:\Windows\System32\Drivers\Cat.DB 2012-07-13 02:16 - 2012-07-13 02:16 - 00000000 ____A C:\Windows\System32\SM.lock 2012-07-13 00:43 - 2012-07-13 00:43 - 00000009 ____A C:\END 2012-07-04 13:26 - 2012-08-14 20:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 13:23 - 2012-08-14 20:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 13:23 - 2012-08-14 20:15 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-06-28 16:52 - 2012-08-14 23:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 16:27 - 2012-08-14 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 16:16 - 2012-08-14 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 16:09 - 2012-08-14 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 16:09 - 2012-08-14 23:01 - 01103872 
____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 16:08 - 2012-08-14 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 16:07 - 2012-08-14 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 16:06 - 2012-08-14 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 16:04 - 2012-08-14 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 16:04 - 2012-08-14 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 16:01 - 2012-08-14 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 16:01 - 2012-08-14 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 16:00 - 2012-08-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 15:57 - 2012-08-14 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll ZeroAccess: C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e} C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U ZeroAccess: C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e} C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\Threat Expert C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-24 23:45:03 Restore point made on: 2012-08-29 11:03:53 Restore point made on: 2012-08-29 11:09:06 Restore point made on: 2012-08-29 22:12:47 Restore point made on: 2012-08-29 22:14:01 Restore point made on: 2012-09-01 08:42:27 Restore point made on: 2012-09-02 13:17:28 Restore point made on: 2012-09-02 15:59:39 Restore point made on: 2012-09-06 07:07:04 Restore point made on: 2012-09-13 17:25:23 Restore point made on: 2012-09-15 20:47:37 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 2012.8 MB Available physical RAM: 1572.44 MB Total Pagefile: 2012.8 MB Available Pagefile: 1576.58 MB Total Virtual: 2047.88 MB Available Virtual: 1965.62 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:244.88 GB) NTFS 3 Drive f: () (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.94 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 3854 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 40 MB Partition 3 Primary 283 GB 14 GB ========================================================= Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT 
Partition 39 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 283 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3853 MB 31 KB ========================================================= Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 3853 MB Healthy ========================================================= Last Boot: 2012-09-05 20:01 ==================== End Of Log ============================