
wsxqaz

Members
Posts: 6
Reputation: 0 Neutral
  1. The biggest problem I think I'm facing is that I watch Formula One live streams online, which come in abundance with popup ads. I just watched a race today and I noticed that there were 2 running .exe's in my temp files. I'm sorry if this is a big step backwards, Gringo. On the other hand, I am planning to keep utorrent, although I will do the rest as you suggested. Thanks (I don't have the logs yet as I was waiting until after the race).
  2. Just to confirm: (1) I pasted ClearJavaCache:: and saved it as a txt file called CFScript.txt; (2) I dragged CFSCript.txt onto ComboFix (this is what I did). I'm still getting the security alert because I didn't check "Don't show this again", but idk if I have to or not (because I used to not have to in IE). The ads are gone; everything else works fine. CFSCript/ComboFix log file:
  3. The ads seem to have disappeared for now but I'm getting this popup: "You're about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?" I'm not sure if this is a leftover or something, or if my internet settings were restored to default (it doesn't appear so, as the menu bar is visible in IE). Also, after I'm done with all this, will you walk me through removing all the work/stuff we did from my computer (it's getting cluttered in C:)? Thanks Gringo. Log from combofix:
ComboFix 12-11-16.02 - Anthony 16/11/2012 15:04:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4063.2684 [GMT -4:00]
  4. FYI the problem persists. I see that the hosts file has some weird links associated with it?
  5. Security Check results:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 29
Java 6 Update 6
Java 6 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9
Adobe Reader out of Date!
Mozilla Firefox (3.6.8) Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

AdwCleaner results:
# AdwCleaner v2.007 - Logfile created 11/16/2012 at 10:35:49
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anthony - ANTHONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Anthony\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\DealBulldog Toolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Anthony\AppData\Local\TempDir
Folder Found : C:\Users\Anthony\AppData\LocalLow\Toolbar4
Folder Found :
     C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\kzcdagty.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

     ***** [Registry] *****

     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16421
     [OK] Registry is clean.
     -\\ Mozilla Firefox v3.6.8 (en-US)
     Profile name : default
     File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\kzcdagty.default\prefs.js
     [OK] File is clean.
     -\\ Google Chrome v [unable to get version]
     File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[R1].txt - [10511 octets] - [16/11/2012 10:25:16]
     AdwCleaner[R2].txt - [10477 octets] - [16/11/2012 10:35:49]
     ########## EOF - C:\AdwCleaner[R2].txt - [10538 octets] ##########

     RogueKiller results:
     RogueKiller V8.2.3 [11/07/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Anthony [Admin rights]
     Mode : Remove -- Date : 11/16/2012 10:44:52

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 15 ¤¤¤
     [TASK][SUSP PATH] At1.job : C:\Users\Anthony\AppData\Local\Temp\gpupdatea.exe -> DELETED
     [TASK][SUSP PATH] At1 : C:\Users\Anthony\AppData\Local\Temp\gpupdatea.exe -> DELETED
     [TASK][SUSP PATH] Norton Internet Security - Run Full System Scan - Anthony : C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> DELETED
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
     [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-135059968-3854534258-652251512-1000\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-135059968-3854534258-652251512-1000\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost
     217.23.13.202 www.google-analytics.com.
     217.23.13.202 ad-emea.doubleclick.net.
     217.23.13.202 www.statcounter.com.
     198.15.104.132 www.google-analytics.com.
     198.15.104.132 ad-emea.doubleclick.net.
     198.15.104.132 www.statcounter.com.

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT0 ATA Device +++++
     --- User ---
     [MBR] e517c2d8ed62dafa159e93bd59eee753
     [BSP] 5a06ba0620f692b2259ca4f8e438ba3b : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294700 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603547648 | Size: 10541 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: JMCR SD/MMC SCSI Disk Device +++++
     --- User ---
     [MBR] ede6a74191614c8675f2e37a68d7309d
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7635 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[2]_D_11162012_02d1044.txt >>
     RKreport[1]_S_11162012_02d1043.txt ; RKreport[2]_D_11162012_02d1044.txt
  6. Here are the two log files: attach.txt dds.txt Ads keep popping up in the lower left/right corners of the browser page (IE, Firefox, Chrome). Here are a couple screenshots: This probably won't matter but I think my problem is the same as the ones found in these threads: http://forums.malwarebytes.org/index.php?showtopic=116729 http://www.bleepingcomputer.com/forums/topic467004.html Thanks in advance (I'm going to sleep, I was up all night at a friend's birthday party but I will be online again in the morning before class starts at 7:30 e.t.).