spyguy246

Members
Content count: 41
Rank: New Member
  1. Thank you very much. I've donated a little something for your assistance.
  2. Ok, they are all deleted off the desktop.
  3. Ok, I ran OTC. I still see AdwCleaner, JRT, HijackThis, and a "backups" folder on my desktop. Am I ok to delete them manually?
  4. Sorry, a correction: I do see the folder on my desktop now. However I still cannot use the method you suggested to uninstall ComboFix.
  5. Ok, I have run the bat file as described. I tried to uninstall ComboFix, but it tells me that Windows cannot find it. After I had finished with ComboFix, AdwCleaner, and the rest, including the txt files I pasted as replies, I put them in a blank folder on the desktop so as not to have too much clutter. This file is not visible on the desktop anymore. However, I can see it if I go to My Computer and select Desktop.
  6. ESET scan log follows:

     C:\Program Files\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask application
     C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYVJ1NA0\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLWLKJDO\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask application
  7. I was able to uninstall those programs. I also installed Adobe Reader XI and ran CCleaner as instructed. MBAM report follows:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.05.11.01

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 10.0.9200.16540
     Joe :: JOE-PC [administrator]

     5/10/2013 10:29:20 PM
     mbam-log-2013-05-10 (22-29-20).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 213524
     Time elapsed: 7 minute(s), 7 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     HijackThis report follows:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:38:11 PM, on 5/10/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v10.0 (10.00.9200.16537)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
     C:\Windows\System32\nvraidservice.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Windows\tsnp2uvc.exe
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Logitech\G930\G930.exe
     C:\Program Files\Zune\ZuneLauncher.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
     C:\Program Files\Steam\Steam.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\ASUS\AASP\1.00.46\aaCenter.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trillian\trillian.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
     c:\program files\trillian\plugins\skypekit.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\notepad.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Users\Joe\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
     O4 - HKLM\..\Run: [skytel] Skytel.exe
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
     O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [Logitech G930] C:\Program Files\Logitech\G930\G930.exe
     O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent
     O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
     O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
     O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Program Files\Folding@Home Windows SMP Client V1.01\smpd.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
     O23 - Service: RealtekUSB - Realtek - C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

     --
     End of file - 7679 bytes

     The only problem I have noticed so far is that I cannot turn on Avira Real-Time Protection after the system restore. When I attempt to do so, I get a box asking if I want to allow the program to make changes to my computer. I click Yes, my mouse turns into the loading icon, and then it stops. When I go into Avira, it says that my computer is not secure and that 2 services are not working correctly: real-time protection and the updater. I am able to run the updater and it updates as normal, but Avira still shows the last update date in red even though the date has changed to reflect the latest update.
  8. Ok, I restored to that last system restore point. I also attempted to download Revo and was successful. I have not run Revo or run or installed anything else yet.
  9. When I go to System Restore, it lists the following options:

     Date and Time: 5/10/2013 5:03:35 PM    Description: Removed JavaFX 2.1.1    Type: Uninstall
     Date and Time: 5/10/2013 5:02:29 PM    Description: Removed Java 6 Update 33    Type: Uninstall
     Date and Time: 5/10/2013 5:01:25 PM    Description: Removed Java 6 Update 6    Type: Uninstall
     Date and Time: 5/10/2013 5:00:06 PM    Description: Removed Java 7 Update 21    Type: Uninstall
     Date and Time: 5/10/2013 4:58:07 PM    Description: Removed Adobe Reader X (10.1.6)    Type: Uninstall
     Date and Time: 5/10/2013 6:37:46 AM    Description: Windows Update    Type: Critical Update

     Clicking on the checkbox for "Show More Restore Points" doesn't show any additional restore points. Will the last one at 6:30 AM be sufficient?
  10. Ok, I will System Restore and attempt to uninstall one of the Javas.
  11. One additional thing I just noticed...I think I turned on Windows Defender sometime during the CFScript action. Could this be affecting my downloads?
  12. I am also getting the "C:\Users\Joe\AppData\Local\Temp could not be saved, because you cannot change the contents of that folder. Change the folder properties and try again, or try saving in a different location." when I try to download that file.
  13. Should I be able to continue with CCleaner/MBAM scans even if I'm unable to uninstall Adobe and Java? I have also not shut down or restarted my computer since the start of this thread, in case that is relevant.
  14. I was unable to uninstall any of the mentioned programs via Add/Remove Programs. I received the following error messages:

     For Adobe Reader X: "Error 2203.Database: C:\Windows\Installer\432fc7e.ipi. Cannot open database file. System error -2147287035."
     For Java 7 Update 21: "Internal Error 2203. C:\Windows\Installer\432fc80.ipi. -2147287035"
     For Java 6 Update 6: "Internal Error 2203. C:\Windows\Installer\432fc83.ipi. -2147287035"
     For Java 6 Update 33: "Internal Error 2203. C:\Windows\Installer\432fc86.ipi. -2147287035"
     For JavaFX 2.1.1: "Internal Error 2203. C:\Windows\Installer\432fc88.ipi. -2147287035"

     I was also unable to download Revo Uninstaller Free through the provided link. Clicking on the link brings up the following error message: "C:\Users\Joe\AppData\Local\Temp could not be saved, because you cannot change the contents of that folder. Change the folder properties and try again, or try saving in a different location." I have not proceeded with any subsequent steps after these attempts failed.
  15. Report from ComboFix follows:

     ComboFix 13-05-10.01 - Joe 05/10/2013 6:41:41.2.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1598 [GMT -5:00]
     Running from: C:\Users\Joe\Desktop\ComboFix.exe
     Command switches used :: C:\Users\Joe\Desktop\CFScript.txt
     AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Resident AV is active
     .
     ((((((((((((((((((((((((( Files Created from 2013-04-10 to 2013-05-10 )))))))))))))))))))))))))))))))
     .
     2013-05-10 11:47:32 . 2013-05-10 11:47:32 -------- d-----w- C:\Users\Default\AppData\Local\temp
     2013-05-10 11:38:05 . 2013-04-17 11:31:44 6906960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A47717BC-8FAB-4267-886B-0387F991E335}\mpengine.dll
     2013-05-10 02:26:36 . 2013-05-10 02:26:37 -------- d-----w- C:\Windows\ERUNT
     2013-05-10 02:26:22 . 2013-05-10 02:26:24 -------- d-----w- C:\JRT
     2013-05-07 11:43:04 . 2013-05-07 11:42:54 66656 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
     2013-04-24 12:30:37 . 2013-04-04 10:35:08 94112 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
     2013-04-24 11:56:50 . 2013-04-12 13:45:29 1211752 ----a-w- C:\Windows\system32\drivers\ntfs.sys
     2013-04-10 22:07:29 . 2013-03-01 03:09:59 2347008 ----a-w- C:\Windows\system32\win32k.sys
     2013-04-10 22:07:27 . 2013-01-24 04:47:07 196328 ----a-w- C:\Windows\system32\drivers\fvevol.sys
     2013-04-10 22:07:25 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\system32\ntoskrnl.exe
     2013-04-10 22:07:24 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\system32\ntkrnlpa.exe
     2013-04-10 22:07:24 . 2013-03-19 04:48:45 38912 ----a-w- C:\Windows\system32\csrsrv.dll
     2013-04-10 22:07:24 . 2013-03-19 02:49:16 69632 ----a-w- C:\Windows\system32\smss.exe
     2013-04-10 22:07:21 . 2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\system32\mstscax.dll
     2013-04-10 22:07:20 . 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\system32\aaclient.dll
     2013-04-10 22:07:20 . 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\system32\tsgqec.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-05-10 02:25:01 . 2010-06-24 16:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2013-05-02 07:06:08 . 2009-10-02 22:19:04 238872 ------w- C:\Windows\system32\MpSigStub.exe
     2013-04-19 12:11:43 . 2012-08-02 22:44:26 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
     2013-04-19 12:11:43 . 2012-08-02 22:44:26 691592 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
     2013-04-19 00:50:10 . 2011-11-26 22:38:33 22328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
     2013-04-19 00:50:03 . 2011-11-26 22:38:06 107832 ----a-w- C:\Windows\system32\PnkBstrB.exe
     2013-04-19 00:50:03 . 2011-11-26 22:38:06 107832 ----a-w- C:\Windows\system32\PnkBstrB.ex0
     2013-04-04 19:50:32 . 2008-11-21 21:42:02 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
     2013-03-28 00:23:24 . 2013-02-18 15:30:57 84744 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
     2013-03-28 00:23:24 . 2013-02-18 15:30:57 37352 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
     2013-03-28 00:23:24 . 2013-02-18 15:30:57 135136 ----a-w- C:\Windows\system32\drivers\avipbb.sys
     2013-03-24 19:04:10 . 2012-06-25 15:14:57 861088 ----a-w- C:\Windows\system32\npdeployJava1.dll
     2013-03-24 19:04:10 . 2010-04-24 19:13:39 782240 ----a-w- C:\Windows\system32\deployJava1.dll
     2013-02-20 04:03:06 . 2009-05-01 19:43:10 282296 ----a-w- C:\Windows\system32\PnkBstrB.xtr
     2013-02-12 04:48:31 . 2013-03-13 18:43:27 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
     2013-02-12 04:48:26 . 2013-03-13 18:43:27 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
     2013-02-12 03:32:45 . 2013-03-14 22:22:37 15872 ----a-w- C:\Windows\system32\drivers\usb8023.sys
     2013-04-12 02:24:12 . 2013-04-12 02:24:02 263064 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="C:\Program Files\Steam\steam.exe" [2013-05-03 23:35:30 1635752]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 04:35:58 4702208]
     "Skytel"="Skytel.exe" [2007-10-11 03:04:04 1826816]
     "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 02:58:34 47392]
     "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 21:21:06 169328]
     "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-15 02:01:52 54832]
     "NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-08-17 14:45:16 184864]
     "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 02:01:30 71216]
     "tsnp2uvc"="C:\Windows\tsnp2uvc.exe" [2007-07-12 00:18:54 237568]
     "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
     "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 19:08:14 59720]
     "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 21:39:48 1313640]
     "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 20:56:42 1821576]
     "Logitech G930"="C:\Program Files\Logitech\G930\G930.exe" [2011-03-23 17:42:52 1516888]
     "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2011-08-05 18:29:56 159456]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-10-25 09:12:14 421888]
     "Logitech Download Assistant"="C:\Windows\System32\LogiLDA.dll" [2012-09-20 22:02:06 1425208]
     "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 11:42:28 345312]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2013-02-20 18:35:28 152392]
     "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 12:32:50 253816]

     C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe [N/A]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.sys

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
     "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

     R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\Program Files\Folding@Home Windows SMP Client V1.01\smpd.exe [x]
     R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
     R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [x]
     R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
     S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
     S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [x]
     S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [x]
     S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
     S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [x]
     S2 RealtekUSB;RealtekUSB;C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
     S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;C:\Windows\system32\DRIVERS\JME.sys [x]
     S3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerCi386.sys [x]
     S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\system32\DRIVERS\ladfBakerRi386.sys [x]
     S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [x]
     S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [x]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - pavboot

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
     FontCache

     Contents of the 'Scheduled Tasks' folder

     2013-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 04:30:32 . 2011-07-14 04:30:29]

     2013-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-14 04:30:32 . 2011-07-14 04:30:29]

     ------- Supplementary Scan -------

     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: intuit.com\ttlc
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ht291nhk.default\
     FF - prefs.js: browser.startup.homepage - www.google.com

     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
     "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
     @Denied: (2) (LocalSystem)
     "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
     "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
     "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
     "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
     "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (LocalSystem)
     "Timestamp"=hex:c0,46,f7,4c,64,5f,cc,01

     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,55,19,1e,50,3b,91,4f,b0,fc,3f,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,55,19,1e,50,3b,91,4f,b0,fc,3f,\

     [HKEY_USERS\S-1-5-21-1543331814-3164807734-2879093626-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:14,8c,a6,59,c7,e1,2e,ce,76,98,6e,11,6d,32,16,98,8c,2e,1c,c6,cf,43,2e,93,5a,99,c4,c4,f7,73,ec,05,8c,33,c0,ee,ec,db,c0,f8,74,ed,5e,74,26,ba,f4,05,\
     "??"=hex:d0,97,e3,8f,e5,d5,b1,67,e9,cf,d5,0a,33,00,7d,a5

     [HKEY_USERS\S-1-5-21-1543331814-3164807734-2879093626-1000\Software\SecuROM\License information*]
     "datasecu"=hex:a6,36,cd,8c,81,4b,d0,f2,52,1f,50,0f,63,81,6c,d8,34,f6,2f,dd,16,28,de,66,7c,5f,f5,60,08,01,d8,09,11,f0,83,8b,b9,59,a6,e7,9d,a1,b3,f5,cf,cf,\
     "rkeysecu"=hex:b5,79,6f,78,91,db,ae,d4,72,98,90,1b,12,97,39,73

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000

     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-05-10 06:48:42
     ComboFix-quarantined-files.txt 2013-05-10 11:48:42
     ComboFix2.txt 2013-05-10 04:41:44
     .
     Pre-Run: 14,997,573,632 bytes free
     Post-Run: 14,837,067,776 bytes free
     .
     - - End Of File - - 34D8DA983678EBCC44DB726E63D3F2C1

     No problems to speak of with the computer during the scan. I did notice that some of the previously missing icons in the taskbar are now visible. The computer still seems to be working fine.
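The HijackThis log in post 7 and the ComboFix "Reg Loading Points" in post 15 are both inventories of autostart locations (Run keys, BHOs, IE buttons, Winsock LSPs, services), and the helper's job is to read them for the handful of entries that deserve a second look. The script below is an added example, not code from this thread or from HijackThis, that parses HijackThis-style lines and applies the checks an analyst actually makes by hand: Run entries given as a bare file name (resolved through the search path at logon), images outside Program Files or system32 (such as C:\Windows\tsnp2uvc.exe above), rundll32 hosts whose real payload is the DLL argument, components registered with "(no file)", LSP DLLs, services with no publisher string, and IE default URLs pointing off the usual Microsoft hosts. The sample log is a constructed subset of the lines from post 7; `TRUSTED_DIRS` and `DEFAULT_IE_HOSTS` are assumptions for this illustration, not HijackThis rules, and a hit is a prompt to go look at the file, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Constructed sample: a subset of the HijackThis lines from post 7 above,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Assumptions for this illustration (not HijackThis's own whitelist): where a
# Run-key image is unremarkable on a 32-bit Windows 7 box, and which hosts the
# IE start/search defaults normally point at.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
IE_RE = re.compile(r"^R[01] - .+ = (?P<url>\S+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    entry: str     # the Run-key name, service name, or raw line
    reason: str    # why an analyst should look at it


def _image_path(cmd: str) -> str:
    """Return the executable from a Run-key command line.

    Handles a quoted path followed by arguments ("C:\\...\\x.exe" /min) and a
    bare path followed by arguments. An unquoted path containing spaces is
    cut at the first space, which is itself a reason to look at the entry.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ")[0]


def triage(log_text: str) -> List[Finding]:
    """Walk HijackThis lines and return the entries worth a manual look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if section == "O4":
            m = RUN_RE.match(line)
            if not m:
                findings.append(Finding(section, line, "O4 line in a shape this parser does not handle"))
                continue
            img = _image_path(m["cmd"])
            low = img.lower()
            if "\\" not in img:
                findings.append(Finding(section, m["name"], f"unqualified image {img!r}: resolved via the search path at logon"))
            elif low.endswith("\\rundll32.exe"):
                findings.append(Finding(section, m["name"], "rundll32 host: the DLL and export in the arguments are the real payload"))
            elif not low.startswith(TRUSTED_DIRS):
                findings.append(Finding(section, m["name"], f"image outside trusted directories: {img}"))
        elif section == "O23":
            m = SVC_RE.match(line)
            if m and m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding(section, m["name"], f"service binary with no publisher string: {m['path']}"))
        elif section in ("O2", "O9", "O16", "O18"):
            if "(no file)" in line:
                findings.append(Finding(section, line, "orphaned entry: registered component whose file is missing"))
        elif section == "O10":
            findings.append(Finding(section, line, "Winsock LSP: any DLL here sits in the path of every socket call"))
        elif section in ("R0", "R1"):
            m = IE_RE.match(line)
            if m:
                host = urlsplit(m["url"]).hostname or ""
                if host not in DEFAULT_IE_HOSTS:
                    findings.append(Finding(section, line, f"browser default points at non-default host {host!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}: {f.reason}")
```

On the sample this yields six findings: the bare `RtHDVCpl.exe` Run entry, `tsnp2uvc` living directly under C:\Windows, the rundll32-hosted Logitech entry, the orphaned Java console button, the Windows Live LSP, and the PnkBstrA service with no publisher. None of them is malware on its face; the point is that a log of this size reduces to a short list to verify by hand.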