Jump to content

enigma2000

Honorary Members
  • Posts

    25
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Everything seems to be working OK, he says. I do have one more question, though. We installed the latest version of Java. He uses it to play Runescape (and probably other things, as well). If he disables it in the browser, how will games like that work, since he plays it in the browser? Thanks for all your help! Keep fighting!
  2. I haven't had a chance to get with my son to uninstall the software you mention above. Hopefully in the next day or two we can do that. I haven't forgot about you, it's just tough with my son's work schedule!
  3. It appears to be running OK. Although after ComboFix rebooted the computer, Internet Explorer wouldn't start up; it had some message about a missing registry key. We rebooted again, and then it worked. Also, the first time I ran ComboFix, it said it had expired, and deleted itself. I copied it onto the desktop again, and it ran OK. anyway, here's ComboFix's log file: ComboFix 13-05-13.01 - Robert 05/25/2013 22:39:53.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.5253 [GMT -5:00] Running from: c:\users\Robert\Desktop\ComboFix.exe Command switches used :: c:\users\Robert\Desktop\CFScript.txt.txt AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_CltMngSvc . . ((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 ))))))))))))))))))))))))))))))) . . 2013-05-26 03:46 . 2013-05-26 03:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-26 03:46 . 2013-05-26 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-25 18:44 . 2013-05-25 18:44 -------- d-----w- c:\program files (x86)\SearchProtect 2013-05-25 18:44 . 2013-05-25 18:44 -------- d-----w- c:\users\Robert\AppData\Roaming\SearchProtect 2013-05-25 18:44 . 2013-05-25 18:44 -------- d-----w- c:\program files (x86)\Conduit 2013-05-25 18:44 . 2013-05-25 18:44 -------- d-----w- c:\users\Robert\AppData\Local\Conduit 2013-05-25 18:44 . 2013-05-25 18:44 -------- d-----w- c:\program files (x86)\RuneScape 2013-05-23 01:52 . 2013-05-23 01:52 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-23 01:51 . 2013-05-23 01:51 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-23 01:51 . 2013-05-23 01:51 -------- d-----w- c:\program files (x86)\Java 2013-05-23 01:17 . 2013-05-23 01:17 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes 2013-05-23 01:17 . 2013-05-23 01:17 -------- d-----w- c:\programdata\Malwarebytes 2013-05-23 01:17 . 2013-05-23 01:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-23 01:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-23 01:16 . 2013-05-23 01:16 -------- d-----w- c:\users\Robert\AppData\Local\Programs 2013-05-23 01:12 . 2013-05-23 01:12 -------- d-----w- c:\program files\CCleaner 2013-05-23 01:07 . 2013-05-23 01:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-05-23 00:49 . 2013-05-23 00:49 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-05-17 21:54 . 2013-05-18 03:23 -------- d-----w- c:\users\Robert\AppData\Roaming\TeraCopy 2013-05-17 21:54 . 2013-05-17 21:54 -------- d-----w- c:\program files\TeraCopy 2013-05-15 02:27 . 2013-05-17 02:43 -------- d-----w- c:\users\Robert\AppData\Local\ElevatedDiagnostics 2013-05-14 03:54 . 2013-05-14 03:54 -------- d-----w- C:\FRST 2013-05-14 02:47 . 2013-05-17 01:26 -------- d-----w- C:\JRT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-23 01:51 . 2012-07-03 18:43 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-05-20 15:56 . 2013-01-14 21:06 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-18 03:29 . 2012-06-22 20:58 499712 ----a-w- c:\windows\system32\drivers\AFD.SYS 2013-05-18 01:57 . 2009-07-14 00:10 79672 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS 2013-05-15 03:19 . 2012-02-17 23:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 03:19 . 2012-02-17 23:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-09 21:07 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-07 19:52 . 2012-09-04 23:45 40736 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-04-13 05:49 . 2013-05-20 02:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-20 02:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-20 02:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-20 02:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-20 02:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-20 02:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-23 18:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-29 07:53 . 2013-03-29 07:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-03-21 08:08 . 2013-03-21 08:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-03-19 06:04 . 2013-04-10 21:34 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 21:34 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 21:34 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 21:34 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 21:34 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 21:34 112640 ----a-w- c:\windows\system32\smss.exe 2013-02-28 03:58 . 2013-02-28 03:58 540160 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2013-02-28 03:58 . 2013-02-28 03:58 656896 ------w- c:\windows\system32\stapi64.dll 2013-02-28 03:58 . 2013-02-28 03:58 450048 ----a-w- c:\windows\system32\stcplx64.dll 2013-02-28 03:58 . 2013-02-28 03:58 1988096 ----a-w- c:\windows\system32\stapo64.dll 2013-02-28 03:58 . 2012-06-22 21:04 6085632 ----a-w- c:\windows\system32\stlang64.dll 2013-02-28 03:58 . 2012-06-22 21:04 464384 ----a-w- c:\windows\system32\slapoi64.dll 2013-02-28 03:58 . 2012-06-22 21:04 1425408 ----a-w- c:\windows\sttray64.exe 2013-02-28 03:58 . 2012-06-22 21:04 255488 ----a-w- c:\windows\system32\staco64.dll 2013-02-28 03:58 . 2012-06-22 21:04 224256 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2013-02-28 03:58 . 2012-06-22 21:04 7986176 ----a-w- c:\windows\system32\IDTNGUI.exe 2013-02-28 03:58 . 2012-06-22 21:04 7683584 ----a-w- c:\windows\system32\IDTNHP.dll 2013-02-28 03:58 . 2012-06-22 21:04 252928 ----a-w- c:\windows\system32\IDTNJ.exe 2013-02-28 03:58 . 2012-06-22 21:04 2211840 ----a-w- c:\windows\system32\IDTNX.dll 2013-02-28 03:58 . 2012-06-22 21:04 1821184 ----a-w- c:\windows\system32\IDTNC64.cpl 2013-02-28 03:53 . 2013-02-28 03:53 831336 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-28 03:53 . 2013-02-28 03:53 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2013-02-28 03:53 . 2013-02-28 03:53 14912872 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-28 03:53 . 2013-02-28 03:53 12491624 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-28 03:53 . 2013-02-28 03:53 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-28 03:53 . 2013-02-28 03:53 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-28 03:53 . 2013-02-28 03:53 26328936 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-28 03:53 . 2012-06-22 21:03 973160 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-28 03:53 . 2013-02-28 03:53 7693160 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-28 03:53 . 2013-02-28 03:53 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll 2013-02-28 03:53 . 2013-02-28 03:53 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll 2013-02-28 03:53 . 2013-02-28 03:53 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-28 03:53 . 2013-02-28 03:53 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-28 03:53 . 2013-02-28 03:53 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-28 03:53 . 2013-02-28 03:53 19906408 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-28 03:53 . 2013-02-28 03:53 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-28 03:53 . 2013-02-28 03:53 18251624 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-28 03:53 . 2013-02-28 03:53 15308648 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-28 03:53 . 2013-02-28 03:53 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-28 03:53 . 2013-02-28 03:53 13425512 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-28 03:53 . 2012-06-22 21:03 247144 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-28 03:53 . 2012-06-22 21:03 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-28 03:53 . 2012-06-22 21:03 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-28 03:53 . 2013-02-28 03:53 9139048 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-28 03:53 . 2013-02-28 03:53 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-28 03:53 . 2013-02-28 03:53 2428264 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-28 03:53 . 2013-02-28 03:53 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-28 03:53 . 2012-06-22 21:03 2731880 ----a-w- c:\windows\system32\nvapi64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2013-04-10 231712] . [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}] 2013-04-10 10:19 231712 ----a-w- c:\program files (x86)\RuneScape\prxtbRune.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files (x86)\RuneScape\prxtbRune.dll" [2013-04-10 231712] . [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] "SearchProtect"="c:\users\Robert\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-08-30 75048] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/29 22:20;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-02-08 244720] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-21 34200] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-25 272688] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2013-01-08 401856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-04 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-28 30056] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-07 40736] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-04-10 1428472] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 135952] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2013-02-07 1641768] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-24 31040] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800] S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-05-07 1008816] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys [2011-12-07 108288] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2011-12-05 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2011-12-05 785688] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-12-21 25496] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2011-10-14 20016] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_38F51D56 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-18 04:20 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 03:19] . 2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 04:19] . 2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 04:19] . 2013-05-24 c:\windows\Tasks\HPCeeScheduleForRobert.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . 2013-05-26 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job - c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-09-16 00:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-30 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-30 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-30 439064] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-28 1425408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file) AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\HP SimplePass\IEWebSiteLogon.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-05-25 22:57:30 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-26 03:57 ComboFix2.txt 2013-05-18 01:31 ComboFix3.txt 2013-05-14 03:55 . Pre-Run: 893,821,120,512 bytes free Post-Run: 894,062,972,928 bytes free . - - End Of File - - DCAEB9F92757B8DA37D7633E480F2EEB
  4. Let me try that again, somehow HTML got in there. C:\Documents and Settings\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR3T25CX\SPSetup[1].exe multiple threats C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application C:\FRST\Quarantine\bae61de.exe a variant of Win32/Kryptik.BBQX trojan C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Program Files (x86)\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application C:\Program Files (x86)\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR3T25CX\SPSetup[1].exe multiple threats C:\Users\Robert\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Users\Robert\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application C:\Users\Robert\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Users\Robert\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\Users\Robert\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application C:\Users\Robert\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application C:\Users\Robert\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B application C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B application Operating memory multiple threats
  5. <p> </p> <div>C:\Documents and Settings\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR3T25CX\SPSetup[1].exe<span class="Apple-tab-span" style="white-space:pre"> </span>multiple threats</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\ChromeModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\cltmng.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.B application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\bin\SPHook32.dll<span class="Apple-tab-span" style="white-space:pre"> </span>probably a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\ffprotect\application.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\Documents and Settings\Robert\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\FRST\Quarantine\bae61de.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Kryptik.BBQX trojan</div> <div>C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Program Files (x86)\SearchProtect\bin\cltmng.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.B application</div> <div>C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll<span class="Apple-tab-span" style="white-space:pre"> </span>probably a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Program Files (x86)\SearchProtect\ffprotect\application.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR3T25CX\SPSetup[1].exe<span class="Apple-tab-span" style="white-space:pre"> </span>multiple threats</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\bin\ChromeModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\bin\cltmng.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.B application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\bin\SPHook32.dll<span class="Apple-tab-span" style="white-space:pre"> </span>probably a variant of Win32/Conduit.SearchProtect.C application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\ffprotect\application.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\Users\Robert\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Conduit.SearchProtect.A application</div> <div>C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/DealPly.B application</div> <div>C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/DealPly.B application</div> <div>Operating memory<span class="Apple-tab-span" style="white-space:pre"> </span>multiple threats</div> <div> </div>
  6. We just need more time; my son was working a lot the last couple days so I didn't have a chance to get on his computer. I should be able to continue later today; so by tonight we should have some results for you. By the way, now long does the eset scan take, usually?
  7. We didn't have any problems running anything. Malwarebytes didn't find anything. My son says the computer is running fine, and he can access the Internet wirelessly just fine. ------------------------------------------------------------------------------------------------------------------ Here's the Malwarebytes log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.22.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robert :: ROBERT-HP [administrator] 5/22/2013 8:20:36 PM mbam-log-2013-05-22 (20-20-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 239286 Time elapsed: 3 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------------------------------------------------------------------------- Here's the HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:28:36 PM, on 5/22/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16483) Boot mode: Normal Running processes: C:\Program Files (x86)\HP SimplePass\TouchControl.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Users\Robert\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: CyberLink Product - 2012/08/29 22:20:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- End of file - 14047 bytes
  8. Sorry, we weren't able to work on it for a couple of days. We're going to start the tasks in your above post tonight, in just a few minutes, so hopefully we'll have some results for you later tonight. thanks! enigma
  9. Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) MUI Adobe Shockwave Player 11.6 Bejeweled 3 Bing Bar Blackhawk Striker 2 Blio Chuzzle Deluxe Cradle of Rome 2 CyberLink PowerDVD CyberLink YouCam D3DX10 Dora's World Adventure ESU for Microsoft Windows 7 SP1 Evernote v. 4.5.2 Farm Frenzy Farmscapes FATE Final Drive Fury GameSpy Arcade Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 Hoyle Card Games HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Recovery Manager HP Setup HP Setup Manager HP SimplePass HP Software Framework HP Support Assistant HyperCam 2 IDT Audio Intel® Control Center Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® WiDi Java 7 Update 9 Java Auto Updater JavaFX 2.1.1 Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update Letters from Nowhere 2 Luxor HD Mah Jong Medley Mesh Runtime Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Rise Of Nations Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MIT/GNU Scheme Morrowind MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser opensource Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Realtek Ethernet Controller Driver Realtek PCIE Card Reader RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype™ 6.3 swMSM TES Construction Set The Treasures of Mystery Island: The Ghost Ship Torchlight Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life Visual Studio 2008 x64 Redistributables WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge
  10. Hurray!!! Wireless is back!!! From all the scans we've sent you, does it look like there are any more problems?
  11. Still no wireless. Farbar Service Scanner Version: 14-04-2013 Ran by Robert (administrator) on 19-05-2013 at 18:26:27 Running from "F:\" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-06-22 15:58] - [2013-05-17 22:29] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  12. Still no wireless connectivity. Farbar Service Scanner Version: 14-04-2013 Ran by Robert (administrator) on 18-05-2013 at 22:36:00 Running from "F:\" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. afd Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-06-22 15:58] - [2013-05-17 22:29] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  13. Well, it was able to connect wired, but after posting that last night, it stopped connecting that way, too! Farbar Service Scanner Version: 14-04-2013 Ran by Robert (administrator) on 18-05-2013 at 18:18:10 Running from "F:\" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. afd Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-06-22 15:58] - [2013-05-17 22:29] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  14. afd.sys is now 488K, so that seems better. However, it still won't connect wirelessly. I tried using Windows Network Diagnostics to troubleshoot and repair the problem; it didn't work. Here's blitzblanks log: BlitzBlank 1.0.0.32 File/Registry Modification Engine native application CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys", destinationFile = "\??\c:\windows\system32\drivers\afd.sys"
  15. Gringo, I get the impression that afd.sys was corrupted, and the above was copying a correct copy of the file back into Windows. But the file size is 78K now, which I think is what it was before. From the above log, it looks like the file that should have been copied should be over 400K. Did the copy not work right? Or isn't that what combofix was doing?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.