Jump to content

cunfused

Honorary Members
  • Posts

    28
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Blue Screen View did not find anything. Attemps to fix the update failures as well as validating my copy of windows has not been successful. I also got a warning when I logged into my Gmail account that it may have been hacked a big red bar at the top of my email account said that my email had been accessed remotely. listed sources and asked if it was me not to worry. I couldn't recognize any of the sources so I changed my password. Still no commercials which is a plus.
  2. Something weird happened the other day. The computer starting cashing, then went to a blue screen and said something about a crash dump??
  3. everything seems to be ok other than being prompted that I am not running genuine windows. when I try to resolve the issue the operation fails. Says "Update installation failed. Error information -0x80096001"
  4. New Threat c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\windows\Temporary Internet Files\Contents.IES\4QB7PQ74\in[1].htm Also says "Object does not exist or is inaccessible" Malwarbytes Scan Log- Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.18.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Rebekah :: REBEKAHS-LAPTOP [administrator] Protection: Enabled 3/18/2012 3:35:27 PM mbam-log-2012-03-18 (16-06-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229316 Time elapsed: 21 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> No action taken. (end)
  5. AVG Resident Sheild Alert- File Name- c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL Threat Name- Trojan horse Proxy.ASMH When I try to remove the threat AVG says "Object does not exist or is inaccessible." I followed the theat to it location and deleted it and now I am running a Malwarebytes quick scan
  6. Computer just said that it is not running genuine windows ?? Windows directs me to their website to download Windows Activation Update, I download the program and ran it but it can't finish. Says "Update installation failed. Error information -0x80096001" Advice?
  7. Sorry last question, Do you need the Uninstall Log? Is AVG anti-virus good or should I go with something else?
  8. Again, thanks for your time. donation incoming.
  9. so far no commercials. everything running smoothly. your lucky your on the other side of the world cause you would be getting a big hug. Can you provide me any links to torturials that can show me what I need to do to avoid these problems in the future?
  10. I assume trurn firewalls, malwarebytes on. Any suggestions on anti-virus programs or anything else
  11. Internet is Working! Awesome. I haven't tried to open a browser or do anything. LOG- ComboFix 12-03-16.05 - Rebekah 03/18/2012 2:25.4.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2643 [GMT -7:00] Running from: C:\ComboFix.exe Command switches used :: c:\users\Rebekah\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --> c:\windows\system32\Drivers\afd.sys . ((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 ))))))))))))))))))))))))))))))) . . 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Mcx1-REBEKAHS-LAPTOP\AppData\Local\temp 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-18 09:33 . 2012-03-18 09:33 -------- d-----w- c:\users\Benny\AppData\Local\temp 2012-03-11 04:55 . 2012-03-11 04:55 -------- d-----w- c:\program files\ESET 2012-03-11 04:00 . 2012-03-11 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-11 04:00 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 13:32 . 2012-03-18 09:35 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-01-14 03:35 . 2012-02-16 04:10 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-04 08:58 . 2012-02-16 04:10 442880 ----a-w- c:\windows\system32\ntshrui.dll 2011-12-30 05:27 . 2012-02-16 04:10 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\wsauth.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-03-18 02:38:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-18 09:38 ComboFix2.txt 2012-03-17 03:39 ComboFix3.txt 2012-03-10 13:32 ComboFix4.txt 2012-03-07 16:17 . Pre-Run: 68,500,701,184 bytes free Post-Run: 68,222,197,760 bytes free . - - End Of File - - F498AA6143E1A303C1EA657E93C464B2
  12. New FSS Log- Farbar Service Scanner Version: 01-03-2012 Ran by Rebekah (administrator) on 17-03-2012 at 18:20:58 Running from "C:\Users\Rebekah\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. File Check: ======== C:\windows\system32\nsisvc.dll => MD5 is legit C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\windows\system32\dhcpcore.dll => MD5 is legit C:\windows\system32\Drivers\afd.sys [2011-06-15 17:41] - [2012-03-03 21:18] - 0338944 ____A () 8FC69A5AA8A9FECC7F18A3ADDAA3AB7E C:\windows\system32\Drivers\tdx.sys => MD5 is legit C:\windows\system32\Drivers\tcpip.sys => MD5 is legit C:\windows\system32\dnsrslvr.dll => MD5 is legit C:\windows\system32\mpssvc.dll => MD5 is legit C:\windows\system32\bfe.dll => MD5 is legit C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\windows\system32\SDRSVC.dll => MD5 is legit C:\windows\system32\vssvc.exe => MD5 is legit C:\windows\system32\wscsvc.dll => MD5 is legit C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\windows\system32\wuaueng.dll => MD5 is legit C:\windows\system32\qmgr.dll => MD5 is legit C:\windows\system32\es.dll => MD5 is legit C:\windows\system32\cryptsvc.dll => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  13. still no internet. other than that things look good
  14. Ok, so I followed your directions but when I dragged CFScript.txt into ComboFix.exe, ComboFix said that it was outdated and asked if it should run a reduced scan. I may have messed up here but I figured the only way to update ComboFix since there is no internet connection on that computer was to delete then re-install it. When I did this it automatically ran a full scan and created a log. The next step I was going to do was drag CFScript.txt into ComboFix like you asked but I can't find it.. Thinking ComboFix deleted it during the system scan. So I tried following your instructions again thinking that now ComboFix is surely up to date, but when I try to drag CFScript.txt into ComboFix it says that this is a illegal operation on the registry. Here is the log from the accidental full scan I hope it is helpful- ComboFix 12-03-16.05 - Rebekah 03/16/2012 20:31:03.3.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3502.2535 [GMT -7:00] Running from: C:\ComboFix.exe Command switches used :: c:\users\Rebekah\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --> c:\windows\System32\drivers\afd.sys . ((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 ))))))))))))))))))))))))))))))) . . 2012-03-11 04:55 . 2012-03-11 04:55 -------- d-----w- c:\program files\ESET 2012-03-11 04:00 . 2012-03-11 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-11 04:00 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-10 13:32 . 2012-03-17 03:38 -------- d-----w- c:\users\Rebekah\AppData\Local\temp 2012-03-07 15:55 . 2010-11-20 08:42 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-03 01:39 . 2012-03-03 01:39 -------- d-----w- c:\users\Benny\AppData\Local\Mozilla 2012-03-01 08:20 . 2012-03-01 08:20 -------- d-----w- c:\users\Benny\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\users\Rebekah\AppData\Roaming\Malwarebytes 2012-03-01 06:22 . 2012-03-01 06:22 -------- d-----w- c:\programdata\Malwarebytes 2012-02-29 09:17 . 2012-03-04 04:17 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-04 04:18 . 2011-06-16 00:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-03 03:09 . 2011-09-04 07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 09:23 . 2011-03-26 22:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys 2012-02-03 05:20 . 2011-01-28 10:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-03 05:19 . 2011-02-15 05:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-03 05:19 . 2011-01-28 10:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-02-16 14:40 . 2012-03-03 01:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-02 7596576] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968] . c:\users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-11-25 174064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 136176] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192] S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 793200] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [2011-02-19 39984] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai NecUsbSevice REG_MULTI_SZ NecUsb . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs NICM EUSBMSD spcflt yukonwxp GameConsoleService z525mdfl PTproct . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 19:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://msi.msn.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\wsauth.DLL . Completion time: 2012-03-16 20:39:47 ComboFix-quarantined-files.txt 2012-03-17 03:39 ComboFix2.txt 2012-03-10 13:32 ComboFix3.txt 2012-03-07 16:17 . Pre-Run: 68,640,759,808 bytes free Post-Run: 68,580,175,872 bytes free . - - End Of File - - B05579510DFDAEEF218E6042AE80F79B
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.